MikroTik RouterOS vulnerabilities
85 known vulnerabilities affecting mikrotik/routeros.
Total CVEs: 85
CISA KEV: 2 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 5, HIGH 29, MEDIUM 50, LOW 1
Vulnerabilities
Page 3 of 5
CVE-2020-20021 | P4 | HIGH | CVSS 7.5 | CWE-400 | ≤ 6.46.3 | 2023-07-12
An issue discovered in MikroTik Router v6.46.3 and earlier allows an attacker to cause a denial of service via misconfiguration in the SSH daemon.
nvd
CVE-2020-20236 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | v6.46.3 | 2021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
nvd
CVE-2020-20214 | P4 | MEDIUM | CVSS 6.5 | CWE-617 | v6.44.6 | 2021-05-18
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
nvd
CVE-2018-1158 | P4 | MEDIUM | CVSS 6.5 | CWE-674 | fixed in 6.40.9, fixed in 6.42.7 | 2018-08-23
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
nvd
CVE-2018-1159 | P4 | MEDIUM | CVSS 6.5 | CWE-119 | fixed in 6.40.9, fixed in 6.42.7 | 2018-08-23
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
nvd
CVE-2020-20213 | P4 | MEDIUM | CVSS 6.5 | CWE-674 | v6.44.5 | 2021-07-07
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
nvd
CVE-2020-20250 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | fixed in 6.47 | 2021-07-13
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discusse
nvd
CVE-2023-24094 | P4 | HIGH | CVSS 7.5 | CWE-787 | v6.40.5 | 2023-03-27
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
nvd
CVE-2020-20222 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | v6.44.6 | 2021-05-18
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20227 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | v6.47 | 2021-05-18
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
nvd
CVE-2020-20237 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | v6.46.3 | 2021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
nvd
CVE-2020-20262 | P4 | MEDIUM | CVSS 6.5 | CWE-617 | fixed in 6.47 | 2021-07-21
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
nvd
CVE-2020-20265 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 6.47 | 2021-05-11
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service via a crafted packet.
nvd
CVE-2020-20211 | P4 | MEDIUM | CVSS 6.5 | CWE-617 | v6.44.5 | 2021-07-07
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
nvd
CVE-2020-20218 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | v6.44.6 | 2021-05-03
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service via the loop counter variable.
nvd
CVE-2020-20249 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 6.47 | 2021-07-19
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
nvd
CVE-2020-20267 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 6.47 | 2021-05-11
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
nvd
CVE-2020-20221 | P4 | MEDIUM | CVSS 6.5 | CWE-400 | fixed in 6.44.6 | 2021-07-21
Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
nvd
CVE-2020-20246 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | v6.46.3 | 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
nvd
CVE-2020-20245 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | v6.46.3 | 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
nvd