Filtered by vendor Mikrotik
Subscriptions
Total
84 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-34960 | 1 Mikrotik | 1 Routeros | 2024-08-03 | 9.8 Critical |
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host. | ||||
CVE-2023-30800 | 1 Mikrotik | 1 Routeros | 2024-08-02 | 7.5 High |
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected. | ||||
CVE-2023-30799 | 1 Mikrotik | 1 Routeros | 2024-08-02 | 9.1 Critical |
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system. | ||||
CVE-2023-24094 | 1 Mikrotik | 1 Routeros | 2024-08-02 | 7.5 High |
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets. |