Routeros
by Mikrotik
CVEs (86)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36613 | 0.00 | — | 0.02 | May 11, 2022 | Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||
| CVE-2021-36614 | 0.00 | — | 0.02 | May 11, 2022 | Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||
| CVE-2020-22845 | 0.00 | — | 0.01 | Feb 28, 2022 | A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. | |||
| CVE-2020-22844 | 0.00 | — | 0.01 | Feb 28, 2022 | A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. | |||
| CVE-2020-20221 | 0.00 | — | 0.03 | Jul 21, 2021 | Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||
| CVE-2020-20262 | 0.00 | — | 0.02 | Jul 21, 2021 | Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | |||
| CVE-2020-20219 | 0.00 | — | 0.02 | Jul 21, 2021 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||
| CVE-2020-20248 | 0.00 | — | 0.02 | Jul 19, 2021 | Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||
| CVE-2020-20249 | 0.00 | — | 0.02 | Jul 19, 2021 | Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service. | |||
| CVE-2020-20230 | 0.00 | — | 0.02 | Jul 19, 2021 | Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||
| CVE-2020-20231 | 0.00 | — | 0.02 | Jul 14, 2021 | Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||
| CVE-2020-20252 | 0.00 | — | 0.02 | Jul 13, 2021 | Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||
| CVE-2020-20250 | 0.00 | — | 0.02 | Jul 13, 2021 | Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and… | |||
| CVE-2020-20217 | 0.00 | — | 0.02 | Jul 8, 2021 | Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||
| CVE-2020-20225 | 0.00 | — | 0.02 | Jul 7, 2021 | Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | |||
| CVE-2020-20216 | 0.00 | — | 0.02 | Jul 7, 2021 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||
| CVE-2020-20215 | 0.00 | — | 0.02 | Jul 7, 2021 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. | |||
| CVE-2020-20213 | 0.00 | — | 0.02 | Jul 7, 2021 | Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | |||
| CVE-2020-20212 | 0.00 | — | 0.02 | Jul 7, 2021 | Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | |||
| CVE-2020-20211 | 0.00 | — | 0.02 | Jul 7, 2021 | Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. |
- CVE-2021-36613May 11, 2022risk 0.00cvss —epss 0.02
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2021-36614May 11, 2022risk 0.00cvss —epss 0.02
Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-22845Feb 28, 2022risk 0.00cvss —epss 0.01
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
- CVE-2020-22844Feb 28, 2022risk 0.00cvss —epss 0.01
A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.
- CVE-2020-20221Jul 21, 2021risk 0.00cvss —epss 0.03
Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
- CVE-2020-20262Jul 21, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
- CVE-2020-20219Jul 21, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20248Jul 19, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
- CVE-2020-20249Jul 19, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
- CVE-2020-20230Jul 19, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
- CVE-2020-20231Jul 14, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20252Jul 13, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20250Jul 13, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and…
- CVE-2020-20217Jul 8, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
- CVE-2020-20225Jul 7, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
- CVE-2020-20216Jul 7, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20215Jul 7, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
- CVE-2020-20213Jul 7, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.
- CVE-2020-20212Jul 7, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20211Jul 7, 2021risk 0.00cvss —epss 0.02
Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
Page 3 of 5