MikroTik RouterOS vulnerabilities
85 known vulnerabilities affecting mikrotik/routeros.
Total CVEs: 85
CISA KEV: 2 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 5, HIGH 29, MEDIUM 50, LOW 1
Vulnerabilities
Page 1 of 5
CVE-2018-14847 | P1 | CRITICAL | CVSS 9.1 | CWE-22 | KEV | PoC | ≤ 6.42 | 2018-08-02
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
nvd
CVE-2018-7445 | P1 | CRITICAL | CVSS 9.8 | CWE-119 | KEV | PoC | fixed in 6.41.3 | v6.42-rc11 | +11 more | 2018-03-19
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit
nvd
CVE-2017-20149 | P1 | CRITICAL | CVSS 9.8 | CWE-787 | Exploited | PoC | fixed in 6.37.5 | ≥ 6.38, < 6.38.5 | 2022-10-15
The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-
nvd
CVE-2023-30799 | P2 | HIGH | CVSS 7.2 | CWE-269 | Exploited | PoC | ≤ 6.48.7 | ≥ 6.34, < 6.49.7 | +1 more | 2023-07-19
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
nvd
CVE-2019-3978 | P2 | HIGH | CVSS 7.5 | CWE-306 | Exploited | PoC | ≤ 6.44.5 | ≤ 6.45.6 | 2019-10-29
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning
nvd
CVE-2019-3924 | P2 | HIGH | CVSS 7.5 | CWE-441 | PoC | fixed in 6.42.12 | fixed in 6.43.12 | 2019-02-20
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
nvd
CVE-2017-7285 | P2 | HIGH | CVSS 7.5 | CWE-400 | PoC | v6.38.5 | 2017-03-29
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
nvd
CVE-2019-3977 | P3 | HIGH | CVSS 7.5 | CWE-494 | Exploited | ≤ 6.44.5 | ≤ 6.45.6 | 2019-10-29
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system's usernames and passwords.
nvd
CVE-2021-27221 | P3 | HIGH | CVSS 8.1 | PoC | v6.47.9 | 2021-03-19
MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work
nvd
CVE-2017-6444 | P3 | HIGH | CVSS 7.5 | CWE-400 | PoC | v6.25 | 2017-03-12
The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation
nvd
CVE-2019-3943 | P3 | HIGH | CVSS 8.1 | CWE-23 | PoC | ≤ 6.42.12 | ≤ 6.43.12 | +7 more | 2019-04-10
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
nvd
CVE-2008-6976 | P3 | MEDIUM | CVSS 6.4 | CWE-20 | PoC | ≥ 2.0, ≤ 2.9.51 | ≥ 3.0, ≤ 3.13 | 2009-08-19
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
nvd
CVE-2025-10948 | P2 | HIGH | CVSS 8.8 | CWE-119 | v7 | 2025-09-25
A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.20.1 and 7.
nvd
CVE-2021-41987 | P2 | HIGH | CVSS 8.1 | CWE-787 | v6.46.8 | v6.47.9 | +1 more | 2022-03-16
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
nvd
CVE-2018-1156 | P3 | HIGH | CVSS 8.8 | CWE-787 | fixed in 6.40.9 | fixed in 6.42.7 | 2018-08-23
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker to execute arbitrary code on the system.
nvd
CVE-2012-6050 | P3 | MEDIUM | CVSS 6.4 | CWE-16 | PoC | v5.15 | 2012-11-27
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
nvd
CVE-2022-34960 | P3 | CRITICAL | CVSS 9.8 | CWE-59 | v7.4 | 2022-08-25
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
nvd
CVE-2019-3976 | P3 | HIGH | CVSS 8.8 | CWE-23 | ≤ 6.44.5 | ≤ 6.45.6 | 2019-10-29
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.
nvd
CVE-2022-45315 | P3 | CRITICAL | CVSS 9.8 | CWE-125 | fixed in 7.6 | 2022-12-05
Mikrotik RouterOS before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows authenticated attackers to execute arbitrary code via a crafted packet.
nvd
CVE-2023-32154 | P3 | HIGH | CVSS 7.5 | CWE-787 | fixed in 6.48.7 | v6.49.7 Stable | 2024-05-03
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Router Advertisement Daemon. The issue results
nvd