U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*
  • CPE Name Search: true
There are 29 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-20021

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.

Published: July 12, 2023; 9:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-45315

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.

Published: December 05, 2022; 11:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-45313

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.

Published: December 05, 2022; 11:15:09 AM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-36522

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Published: August 26, 2022; 2:15:09 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2021-36614

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Published: May 11, 2022; 2:15:22 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-36613

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Published: May 11, 2022; 2:15:22 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20262

Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Published: July 21, 2021; 11:15:12 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20249

Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.

Published: July 19, 2021; 2:15:08 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20230

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Published: July 19, 2021; 1:15:10 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20252

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Published: July 13, 2021; 2:15:07 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20250

Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference.

Published: July 13, 2021; 8:15:09 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20217

Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Published: July 08, 2021; 8:15:09 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20264

Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.

Published: May 19, 2021; 8:15:07 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20267

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.

Published: May 11, 2021; 11:15:07 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-20265

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.

Published: May 11, 2021; 11:15:07 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-3014

In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.

Published: January 04, 2021; 2:15:15 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16160

An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.

Published: October 07, 2020; 12:15:12 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-11881

An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to crash the SMB server via modified setup-request packets, aka SUP-12964.

Published: September 14, 2020; 5:15:10 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-10364

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.

Published: March 23, 2020; 12:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2018-5951

An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.

Published: March 02, 2020; 5:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 7.1 HIGH