MikroTik RouterOS vulnerabilities
85 known vulnerabilities affecting mikrotik/routeros.
Total CVEs: 85
CISA KEV: 2 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 5, HIGH 29, MEDIUM 50, LOW 1
Vulnerabilities
Page 4 of 5
CVE-2021-36614 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | fixed in 6.48.2 | 2022-05-11
MikroTik RouterOS before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2021-36613 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | fixed in 6.48.2 | 2022-05-11
MikroTik RouterOS before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20225 | P4 | MEDIUM | CVSS 6.5 | CWE-617 | fixed in 6.47 | 2021-07-07
MikroTik RouterOS before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
nvd
CVE-2020-20217 | P4 | MEDIUM | CVSS 6.5 | CWE-400 | fixed in 6.47 | 2021-07-08
MikroTik RouterOS before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
nvd
CVE-2020-20219 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | v6.44.6 | 2021-07-21
MikroTik RouterOS 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20212 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | v6.44.5 | 2021-07-07
MikroTik RouterOS 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20215 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | v6.44.6 | 2021-07-07
MikroTik RouterOS 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
nvd
CVE-2020-20220 | P4 | MEDIUM | CVSS 6.5 | CWE-119 | fixed in 6.47 | 2021-05-18
MikroTik RouterOS prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20266 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | fixed in 6.47 | 2021-05-19
MikroTik RouterOS before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20264 | P4 | MEDIUM | CVSS 6.5 | CWE-369 | fixed in 6.47 | 2021-05-19
MikroTik RouterOS before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
nvd
CVE-2020-20254 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 6.47 | 2021-05-18
MikroTik RouterOS before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20253 | P4 | MEDIUM | CVSS 6.5 | CWE-369 | fixed in 6.47 | 2021-05-18
MikroTik RouterOS before 6.47 (stable tree) suffers from a division by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error.
nvd
CVE-2020-20231 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | ≥ 6.44.6, ≤ 6.48.3 | 2021-07-14
MikroTik RouterOS through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20230 | P4 | MEDIUM | CVSS 6.5 | CWE-400 | fixed in 6.47 | 2021-07-19
MikroTik RouterOS before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
nvd
CVE-2020-20248 | P4 | MEDIUM | CVSS 6.5 | CWE-400 | v6.47 | 2021-07-19
MikroTik RouterOS before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
nvd
CVE-2020-20252 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | fixed in 6.47 | 2021-07-13
MikroTik RouterOS before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20216 | P4 | MEDIUM | CVSS 6.5 | CWE-476 | v6.44.6 | 2021-07-07
MikroTik RouterOS 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
nvd
CVE-2020-20247 | P4 | MEDIUM | CVSS 6.5 | CWE-787 | fixed in 6.46.5 | 2021-05-03
MikroTik RouterOS before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service via the loop counter variable.
nvd
CVE-2023-41570 | P4 | MEDIUM | CVSS 5.3 | CWE-284 | ≥ 7.1, < 7.12 | 2023-11-14
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.
nvd
CVE-2015-2350 | P4 | MEDIUM | CVSS 6.8 | CWE-352 | ≤ 5.0 | 2015-03-19
Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status page to /cfg.
nvd