U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*
  • CPE Name Search: true
There are 28 matching records.
Displaying matches 21 through 28.
Vuln ID Summary CVSS Severity
CVE-2019-13955

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.

Published: July 26, 2019; 9:15:12 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2019-13954

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.

Published: July 26, 2019; 9:15:12 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2019-13074

A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.

Published: July 03, 2019; 5:15:10 PM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2019-3943

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).

Published: April 10, 2019; 5:29:01 PM -0400
V3.1: 8.1 HIGH
V2.0: 7.5 HIGH
CVE-2019-3924

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.

Published: February 20, 2019; 3:29:03 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-1157

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.

Published: August 23, 2018; 3:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 6.8 MEDIUM
CVE-2018-1156

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.

Published: August 23, 2018; 3:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Published: August 02, 2018; 3:29:00 AM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM