VYPR
Medium severity5.9NVD Advisory· Published Feb 27, 2017· Updated Jun 17, 2026

CVE-2017-6297

CVE-2017-6297

Description

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Mikrotik/Routeros3 versions
    cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:*:*:*:*
    • cpe:2.3:o:mikrotik:routeros:6.83.3:*:*:*:*:*:*:*
    • (no CPE)range: 6.83.3 and 6.37.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.