Every CVE whose affected-product data names Mikrotik Routeros, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (82)
CVE-2022-34960 — CVSS 9.8 (critical): The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to…
CVE-2017-20149 — CVSS 9.8 (critical): The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote…
CVE-2023-30799 — CVSS 9.1 (critical): MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and…
CVE-2019-3976 — CVSS 8.8 (high): RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the…
CVE-2018-1156 — CVSS 8.8 (high): Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability…
CVE-2022-45313 — CVSS 8.8 (high): Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows…
CVE-2018-10066 — CVSS 8.1 (high): An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated…
CVE-2019-3943 — CVSS 8.1 (high): MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an…
CVE-2021-27221 — CVSS 8.1 (high): MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE…
CVE-2021-41987 — CVSS 8.1 (high): In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code…
CVE-2017-8338 — CVSS 7.5 (high): A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP…
CVE-2018-5951 — CVSS 7.5 (high): An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS…
CVE-2020-22844 — CVSS 7.5 (high): A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests.
CVE-2020-22845 — CVSS 7.5 (high): A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests.
CVE-2023-30800 — CVSS 7.5 (high): The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can…
CVE-2019-13074 — CVSS 7.5 (high): A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing…
CVE-2023-24094 — CVSS 7.5 (high): An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.
CVE-2017-6444 — CVSS 7.5 (high): The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection…
CVE-2017-7285 — CVSS 7.5 (high): A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to…
CVE-2019-16160 — CVSS 7.5 (high): An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.
CVE-2019-3924 — CVSS 7.5 (high): MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute…
CVE-2019-3977 — CVSS 7.5 (high): RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using…
CVE-2019-3978 — CVSS 7.5 (high): RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291…
CVE-2019-3979 — CVSS 7.5 (high): RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records…
CVE-2020-10364 — CVSS 7.5 (high): The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized…
CVE-2020-11881 — CVSS 7.5 (high): An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7.x through 7.0 Beta5, allows an unauthenticated remote attacker to…
CVE-2020-20021 — CVSS 7.5 (high): An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH…
CVE-2024-54952 — CVSS 7.5 (high): MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this…
CVE-2025-6443 — CVSS 7.2 (high): Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access…
CVE-2015-2350 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication…
CVE-2020-20254 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An…
CVE-2020-20262 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec…
CVE-2020-20264 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can…
CVE-2020-20265 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless…
CVE-2020-20266 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated…
CVE-2020-20267 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An…
CVE-2021-36613 — CVSS 6.5 (medium): Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker…
CVE-2021-36614 — CVSS 6.5 (medium): Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote…
CVE-2022-36522 — CVSS 6.5 (medium): Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch…
CVE-2018-1157 — CVSS 6.5 (medium): Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash…
CVE-2018-1158 — CVSS 6.5 (medium): Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash…
CVE-2018-1159 — CVSS 6.5 (medium): Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash…
CVE-2019-13954 — CVSS 6.5 (medium): Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an…
CVE-2019-13955 — CVSS 6.5 (medium): Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an…
CVE-2019-15055 — CVSS 6.5 (medium): MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete…
CVE-2020-20211 — CVSS 6.5 (medium): Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An…
CVE-2020-20212 — CVSS 6.5 (medium): Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated…
CVE-2020-20213 — CVSS 6.5 (medium): Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaustion vulnerability in the /nova/bin/net process. An authenticated…
CVE-2020-20214 — CVSS 6.5 (medium): Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote…
CVE-2020-20215 — CVSS 6.5 (medium): Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated…
CVE-2020-20216 — CVSS 6.5 (medium): Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/graphing process. An…
CVE-2020-20217 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process…
CVE-2020-20218 — CVSS 6.5 (medium): Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An…
CVE-2020-20219 — CVSS 6.5 (medium): Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An…
CVE-2020-20220 — CVSS 6.5 (medium): Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote…
CVE-2020-20221 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm…
CVE-2020-20222 — CVSS 6.5 (medium): Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated…
CVE-2020-20225 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated…
CVE-2020-20227 — CVSS 6.5 (medium): Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote…
CVE-2020-20230 — CVSS 6.5 (medium): Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote…
CVE-2020-20231 — CVSS 6.5 (medium): Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An…
CVE-2020-20236 — CVSS 6.5 (medium): Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated…
CVE-2020-20237 — CVSS 6.5 (medium): Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated…
CVE-2020-20245 — CVSS 6.5 (medium): Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can…
CVE-2020-20246 — CVSS 6.5 (medium): Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can…
CVE-2020-20247 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An…
CVE-2020-20248 — CVSS 6.5 (medium): Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote…
CVE-2020-20249 — CVSS 6.5 (medium): Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet…
CVE-2020-20250 — CVSS 6.5 (medium): Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An…
CVE-2020-20252 — CVSS 6.5 (medium): Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An…
CVE-2020-20253 — CVSS 6.5 (medium): Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated…
CVE-2022-45315 — CVSS 6.4 (medium): Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows…
CVE-2008-6976 — CVSS 6.4 (medium): MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a…
CVE-2012-6050 — CVSS 6.4 (medium): The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the…
CVE-2021-3014 — CVSS 6.1 (medium): In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
CVE-2017-6297 — CVSS 5.9 (medium): The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows…
CVE-2024-54772 — CVSS 5.4 (medium): An issue was discovered in the Winbox service of MikroTik RouterOS long-term release v6.43.13 through v6.49.13 and stable v6.43 through…
CVE-2023-41570 — CVSS 5.3 (medium): MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API.
CVE-2019-3981 — CVSS 3.7 (low): MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication…