Description
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor recommends to "use the latest v6.x or 7.x MikroTik RouterOS version, the reported issue should be fixed there."
Published: 2026-05-02
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in MikroTik RouterOS 6.49.8’s SCEP Endpoint lets an attacker manipulate the transactionID or messageType arguments to the ASN1_STRING_data function in nova/lib/www/scep.p, causing an out‑of‑bounds read. This overread can expose memory beyond the buffer, potentially revealing sensitive configuration or other internal data. The flaw can be triggered remotely, and publicly available exploits exist. The vendor recommends upgrading to the latest v6.x or 7.x release to address the issue.

Affected Systems

The affected product is MikroTik RouterOS, specifically version 6.49.8. The advisory does not list other affected releases, so the flaw appears limited to this edition.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. The EPSS score is less than 1%, suggesting a very low yet nonzero probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The SCEP service is reachable over the network, enabling a remote attacker to supply crafted parameters and trigger the overread. Publicly available exploits raise the likelihood of exploitation even though broader usage data is missing. Consequently, the risk is moderate, and patching should be prioritized, particularly if the SCEP service is exposed to external networks.

Generated by OpenCVE AI on May 20, 2026 at 08:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MikroTik RouterOS to a release that contains the fix for the SCEP Endpoint ASN1_STRING_data overread.
  • Restrict SCEP service access to trusted IP addresses using firewall rules.
  • Monitor RouterOS logs for anomalous ASN1_STRING_data calls and investigate any suspicious activity.

Generated by OpenCVE AI on May 20, 2026 at 08:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 07:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor recommends to "use the latest v6.x or 7.x MikroTik RouterOS version, the reported issue should be fixed there."
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}

 cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

Mon, 04 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 02 May 2026 20:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds
First Time appeared Mikrotik
Mikrotik routeros
Weaknesses CWE-119
CWE-125
CPEs cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*
Vendors & Products Mikrotik
Mikrotik routeros
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Mikrotik Routeros
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-20T07:33:30.897Z

Reserved: 2026-05-02T05:56:44.888Z

Link: CVE-2026-7668

cve-icon Vulnrichment

Updated: 2026-05-04T15:24:40.440Z

cve-icon NVD

Status : Deferred

Published: 2026-05-02T21:16:07.677

Modified: 2026-05-20T08:16:23.190

Link: CVE-2026-7668

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T09:00:11Z

Weaknesses