MikroTik RouterOS vulnerabilities
85 known vulnerabilities affecting mikrotik/routeros.
Total CVEs: 85
CISA KEV: 2 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 5, HIGH 29, MEDIUM 50, LOW 1
Vulnerabilities
Page 5 of 5
CVE-2022-36522 | P4 | MEDIUM | CVSS 6.5 | CWE-617 | ≤ 6.48.3 | 2022-08-26
MikroTik RouterOS through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
nvd
CVE-2017-6297 | P4 | MEDIUM | CVSS 5.9 | CWE-311 | v6.37.4, v6.83.3 | 2017-02-27
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
nvd
CVE-2024-54772 | P4 | MEDIUM | CVSS 5.4 | CWE-208 | ≥ 6.43, < 6.49.18; ≥ 6.43.13, ≤ 6.49.13; +1 more | 2025-02-11
An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through v7.17.2. A patch is available in the stable release v6.49.18. A discrepancy in response size between connection attempts made with a valid username and those with an invalid username allows attackers to enumerate fo
nvd
CVE-2021-3014 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 2021-01-04 | 2021-01-04
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
nvd
CVE-2019-3981 | P4 | LOW | CVSS 3.7 | CWE-300 | fixed in 6.43 | 2020-01-14
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
nvd