CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-30800 – MikroTik RouterOS Web Interface Heap Corruption
https://notcve.org/view.php?id=CVE-2023-30800
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected. • https://vulncheck.com/advisories/mikrotik-jsproxy-dos • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-30799 – MikroTik RouterOS Administrator Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-30799
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system. • https://github.com/MarginResearch/FOISted https://vulncheck.com/advisories/mikrotik-foisted • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20021
https://notcve.org/view.php?id=CVE-2020-20021
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon. • http://mikrotik.com http://router.com https://www.exploit-db.com/exploits/48228 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24094
https://notcve.org/view.php?id=CVE-2023-24094
An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets. • http://mikrotik.com http://routeros.com https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-24094.md • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45313
https://notcve.org/view.php?id=CVE-2022-45313
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. Se descubrió que Mikrotik RouterOs anteriores a la versión estable 7.5 contenía una lectura fuera de los límites en el proceso del punto de acceso. Esta vulnerabilidad permite a los atacantes ejecutar código arbitrario a través de un mensaje nova manipulado. • https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md • CWE-125: Out-of-bounds Read •