CVE-2024-2169 – Implementations of UDP application protocols are susceptible to network loops and denial of service
https://notcve.org/view.php?id=CVE-2024-2169
Implementations of UDP application protocols are vulnerable to network loops. An unauthenticated attacker can use maliciously crafted packets against a vulnerable implementation, leading to Denial of Service (DoS) and/or abuse of resources.
References: https://github.com/douglasbuzatto/G3-Loop-DoS ; https://www.kb.cert.org/vuls/id/417980
CVE-2023-41570
https://notcve.org/view.php?id=CVE-2023-41570
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms for the REST API.
References: https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api
CWE-284: Improper Access Control
CVE-2023-30800 – MikroTik RouterOS Web Interface Heap Corruption
https://notcve.org/view.php?id=CVE-2023-30800
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
References: https://vulncheck.com/advisories/mikrotik-jsproxy-dos
CWE-787: Out-of-bounds Write
CVE-2023-30799 – MikroTik RouterOS Administrator Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-30799
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
References: https://github.com/MarginResearch/FOISted ; https://vulncheck.com/advisories/mikrotik-foisted
CWE-269: Improper Privilege Management
CVE-2020-20021
https://notcve.org/view.php?id=CVE-2020-20021
An issue discovered in MikroTik Router v6.46.3 and earlier allows an attacker to cause a denial of service via a misconfiguration in the SSH daemon.
References: http://mikrotik.com ; http://router.com ; https://www.exploit-db.com/exploits/48228
CWE-400: Uncontrolled Resource Consumption