CVE-2024-27686 - Vulnerability Details

Description

Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.

Published: 2026-05-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A remote attacker can send specially crafted SMB packets to the device, causing the Mikrotik RouterOS SMB service to crash. The resulting crash renders the router unavailable, disrupting network connectivity and any services depending on the device.

Affected Systems

Devices running Mikrotik RouterOS x86 versions 6.40.5 through 6.49.10 are vulnerable. The flaw was addressed in the 7.x release line.

Risk and Exploitability

The vulnerability is exposed over the network via TCP port 445, so remote attackers can trigger it from outside the local network. No EPSS score or KEV entry is available, which suggests limited public exploitation data, but the fixed status in the newer release shows that the vendor considered the issue significant. The exploit requires no special privileges; an attacker simply transmits malformed SMB traffic to force a crash.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the router to Mikrotik RouterOS 7, which contains the fix for the SMB crash issue.
If an upgrade cannot be performed immediately, block inbound traffic to TCP port 445 from external networks while maintaining access from trusted internal hosts.
Continuously monitor router logs for abnormal SMB activity and apply the patch as soon as the upgrade is possible.

Generated by OpenCVE AI on May 8, 2026 at 06:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00229.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/ice-wzl/RouterOS-SMB-DOS-POC
https://www.exploit-db.com/exploits/51931

History

Fri, 08 May 2026 06:45:00 +0000

Type	Values Removed	Values Added
Title		SMB Service Denial of Service in Mikrotik RouterOS
Weaknesses		CWE-120

Fri, 08 May 2026 05:45:00 +0000

Type	Values Removed	Values Added
Description		Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.
References		https://github.com/ice-wzl/RouterOS-SMB-DOS-POC https://www.exploit-db.com/exploits/51931

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-05-08T00:00:00.000Z

Updated: 2026-05-08T04:57:09.343Z

Reserved: 2024-02-26T00:00:00.000Z

Link: CVE-2024-27686

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T06:16:09.003

Modified: 2026-05-08T06:16:09.003

Link: CVE-2024-27686

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T06:45:03Z

Weaknesses

CWE-120

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object