Description
A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-02
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in MikroTik RouterOS 6.49.8’s SCEP Endpoint where manipulation of the transactionID or messageType parameters to the ASN1_STRING_data function can trigger an out‑of‑bounds read. This flaw allows the system to read memory beyond the intended buffer boundaries. The description does not mention writable memory being affected, so the vulnerability is an overread rather than a read‑write misuse. The read may reveal data stored adjacent to the buffer, which could include sensitive configuration or system information. Based on the description, it is inferred that this could lead to disclosure of internal data, though the exact contents are not specified.

Affected Systems

The affected product is MikroTik RouterOS, specifically version 6.49.8. The advisory does not list other affected releases, so the flaw appears limited to this edition.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. No EPSS data is available, and the vulnerability is not listed in CISA’s KEV catalog. The SCEP service is reachable over the network, enabling a remote attacker to supply crafted parameters and trigger the overread. Publicly available exploits raise the likelihood of exploitation even though broader usage data is missing. Consequently, the risk is moderate, and patching should be prioritized, particularly if the SCEP service is exposed to external networks.

Generated by OpenCVE AI on May 2, 2026 at 21:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MikroTik RouterOS to a release that contains the fix for the SCEP Endpoint ASN1_STRING_data overread.
  • Restrict SCEP service access to trusted IP addresses using firewall rules.
  • Monitor RouterOS logs for anomalous ASN1_STRING_data calls and investigate any suspicious activity.

Generated by OpenCVE AI on May 2, 2026 at 21:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 20:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title MikroTik RouterOS SCEP Endpoint scep.p ASN1_STRING_data out-of-bounds
First Time appeared Mikrotik
Mikrotik routeros
Weaknesses CWE-119
CWE-125
CPEs cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*
Vendors & Products Mikrotik
Mikrotik routeros
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Mikrotik Routeros
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-02T20:00:15.044Z

Reserved: 2026-05-02T05:56:44.888Z

Link: CVE-2026-7668

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-02T21:16:07.677

Modified: 2026-05-02T21:16:07.677

Link: CVE-2026-7668

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T22:00:08Z

Weaknesses