CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected. • https://vulncheck.com/advisories/mikrotik-jsproxy-dos • CWE-787: Out-of-bounds Write

CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 1

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system. • https://github.com/MarginResearch/FOISted • https://vulncheck.com/advisories/mikrotik-foisted • CWE-269: Improper Privilege Management

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

MikroTik RouterOS before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message. • https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45313/README.md • CWE-125: Out-of-bounds Read

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

MikroTik RouterOS before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet. • https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-45315/README.md • CWE-125: Out-of-bounds Read

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

MikroTik RouterOS through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. • https://github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2022-36522/README.md • https://seclists.org/fulldisclosure/2021/Jul/0 • CWE-617: Reachable Assertion