
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected. • https://vulncheck.com/advisories/mikrotik-jsproxy-dos • CWE-787: Out-of-bounds Write •

CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 1

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system. • https://github.com/MarginResearch/FOISted https://vulncheck.com/advisories/mikrotik-foisted • CWE-269: Improper Privilege Management •

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue discovered in MikroTik Router v6.46.3 and earlier allows an attacker to cause a denial of service via a misconfiguration in the SSH daemon. • http://mikrotik.com http://router.com https://www.exploit-db.com/exploits/48228 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

MikroTik RouterOS before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet. • https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md • CWE-125: Out-of-bounds Read •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

MikroTik RouterOS before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. • https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md • CWE-125: Out-of-bounds Read •