RouterOS
by MikroTik
CVEs (86)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-20266 | | | 0.00 | — | 0.02 | | May 19, 2021 | Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). |
| CVE-2020-20264 | | | 0.00 | — | 0.02 | | May 19, 2021 | Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. |
| CVE-2020-20245 | | | 0.00 | — | 0.03 | | May 18, 2021 | Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. |
| CVE-2020-20246 | | | 0.00 | — | 0.03 | | May 18, 2021 | Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. |
| CVE-2020-20227 | | | 0.00 | — | 0.03 | | May 18, 2021 | Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. |
| CVE-2020-20220 | | | 0.00 | — | 0.03 | | May 18, 2021 | Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). |
| CVE-2020-20237 | | | 0.00 | — | 0.03 | | May 18, 2021 | Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. |
| CVE-2020-20236 | | | 0.00 | — | 0.03 | | May 18, 2021 | Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access. |
| CVE-2020-20222 | | | 0.00 | — | 0.03 | | May 18, 2021 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). |
| CVE-2020-20214 | | | 0.00 | — | 0.03 | | May 18, 2021 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. |
| CVE-2020-20254 | | | 0.00 | — | 0.02 | | May 18, 2021 | Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). |
| CVE-2020-20253 | | | 0.00 | — | 0.02 | | May 18, 2021 | Mikrotik RouterOs before 6.47 (stable tree) suffers from a division by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. |
| CVE-2020-20265 | | | 0.00 | — | 0.02 | | May 11, 2021 | Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service via a crafted packet. |
| CVE-2020-20267 | | | 0.00 | — | 0.02 | | May 11, 2021 | Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. |
| CVE-2020-20218 | | | 0.00 | — | 0.02 | | May 3, 2021 | Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service via the loop counter variable. |
| CVE-2020-20247 | | | 0.00 | — | 0.01 | | May 3, 2021 | Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service via the loop counter variable. |
| CVE-2021-3014 | | | 0.00 | — | 0.01 | | Jan 4, 2021 | In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. |
| CVE-2019-16160 | | | 0.00 | — | 0.03 | | Oct 7, 2020 | An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. |
| CVE-2020-10364 | | | 0.00 | — | 0.03 | | Mar 23, 2020 | The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management. |
| CVE-2019-3976 | | | 0.00 | — | 0.02 | | Oct 28, 2019 | RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell… |