Search criteria
9 vulnerabilities by MikroTik
CVE-2025-10948 (GCVE-0-2025-10948)
Vulnerability from cvelistv5 – Published: 2025-09-25 14:02 – Updated: 2025-10-13 16:58
VLAI?
Title
MikroTik RouterOS libjson.so print parse_json_element buffer overflow
Summary
A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.20.1 and 7.21beta2 mitigates this issue. You should upgrade the affected component. The vendor replied: "Our bug tracker reports that your issue has been fixed. This means that we plan to release a RouterOS update with this fix. Make sure to upgrade to the next release when it comes out."
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
Credits
a2ure (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10948",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T14:16:38.818248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T14:17:02.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/a2ure123/libjson-unicode-buffer-overflow-poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"libjson.so"
],
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "unaffected",
"version": "7.20.1"
},
{
"status": "unaffected",
"version": "7.21beta2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "a2ure (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.20.1 and 7.21beta2 mitigates this issue. You should upgrade the affected component. The vendor replied: \"Our bug tracker reports that your issue has been fixed. This means that we plan to release a RouterOS update with this fix. Make sure to upgrade to the next release when it comes out.\""
},
{
"lang": "de",
"value": "In MikroTik RouterOS 7 wurde eine Schwachstelle gefunden. Es betrifft die Funktion parse_json_element der Datei /rest/ip/address/print der Komponente libjson.so. Durch Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Ein Aktualisieren auf die Version 7.20.1 and 7.21beta2 vermag dieses Problem zu l\u00f6sen. Ein Upgrade der betroffenen Komponente wird empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T16:58:49.425Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-325818 | MikroTik RouterOS libjson.so print parse_json_element buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.325818"
},
{
"name": "VDB-325818 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.325818"
},
{
"name": "Submit #652387 | MikroTik RouterOS 7 Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.652387"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/a2ure123/libjson-unicode-buffer-overflow-poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/a2ure123/libjson-unicode-buffer-overflow-poc#technical-proof-of-concept"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-13T19:03:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "MikroTik RouterOS libjson.so print parse_json_element buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10948",
"datePublished": "2025-09-25T14:02:07.376Z",
"dateReserved": "2025-09-25T06:03:48.610Z",
"dateUpdated": "2025-10-13T16:58:49.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6563 (GCVE-0-2025-6563)
Vulnerability from cvelistv5 – Published: 2025-07-03 11:18 – Updated: 2025-07-03 13:17
VLAI?
Title
Cross-site scripting via dst parameter in RouterOS WiFi hotspot
Summary
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker's account) and triggers the payload.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6563",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T13:07:30.664092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T13:17:13.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.toreon.com/how-a-ski-trip-led-to-a-cve-in-a-wi-fi-hotspot/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Hotspot"
],
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"lessThan": "7.19.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site scripting vulnerability is present in the hotspot of MikroTik\u0027s RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker\u0027s account) and triggers the payload."
}
],
"value": "A cross-site scripting vulnerability is present in the hotspot of MikroTik\u0027s RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker\u0027s account) and triggers the payload."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T11:18:26.211Z",
"orgId": "1c6b5737-9389-4011-8117-89fa251edfb2",
"shortName": "Toreon"
},
"references": [
{
"url": "https://www.toreon.com/how-a-ski-trip-led-to-a-cve-in-a-wi-fi-hotspot/"
}
],
"source": {
"discovery": "USER"
},
"title": "Cross-site scripting via dst parameter in RouterOS WiFi hotspot",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1c6b5737-9389-4011-8117-89fa251edfb2",
"assignerShortName": "Toreon",
"cveId": "CVE-2025-6563",
"datePublished": "2025-07-03T11:18:26.211Z",
"dateReserved": "2025-06-24T07:00:12.112Z",
"dateUpdated": "2025-07-03T13:17:13.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6443 (GCVE-0-2025-6443)
Vulnerability from cvelistv5 – Published: 2025-06-25 21:29 – Updated: 2025-06-26 14:18
VLAI?
Title
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability
Summary
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic. The issue results from the lack of validation of the remote IP address against configured values prior to allowing ingress traffic into the internal network. An attacker can leverage this vulnerability to gain access to internal network resources. Was ZDI-CAN-26415.
Severity ?
7.2 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T14:18:02.910945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T14:18:12.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RouterOS",
"vendor": "Mikrotik",
"versions": [
{
"status": "affected",
"version": "7.15.3, 7.16.2"
}
]
}
],
"dateAssigned": "2025-06-20T17:15:55.535Z",
"datePublic": "2025-06-25T21:29:14.744Z",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of remote IP addresses when processing VXLAN traffic. The issue results from the lack of validation of the remote IP address against configured values prior to allowing ingress traffic into the internal network. An attacker can leverage this vulnerability to gain access to internal network resources. Was ZDI-CAN-26415."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T21:29:22.232Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-424",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-424/"
}
],
"source": {
"lang": "en",
"value": "Trend Micro (SHU-HAO, TUNG) (123ojp)"
},
"title": "Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-6443",
"datePublished": "2025-06-25T21:29:22.232Z",
"dateReserved": "2025-06-20T17:15:55.462Z",
"dateUpdated": "2025-06-26T14:18:12.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32154 (GCVE-0-2023-32154)
Vulnerability from cvelistv5 – Published: 2024-05-03 01:56 – Updated: 2024-09-20 20:29
VLAI?
Title
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-19797.
Severity ?
7.5 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "routeros",
"vendor": "mikrotik",
"versions": [
{
"lessThan": "6.49.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:51:00.556580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T20:29:37.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-710",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-710/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RouterOS",
"vendor": "Mikrotik",
"versions": [
{
"status": "affected",
"version": "6.49.7 Stable"
}
]
}
],
"dateAssigned": "2023-05-03T15:16:43.038-05:00",
"datePublic": "2023-05-17T20:29:17.704-05:00",
"descriptions": [
{
"lang": "en",
"value": "Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-19797."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:28:19.909Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-710",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-710/"
}
],
"source": {
"lang": "en",
"value": "Angelboy(@scwuaptx) and NiNi (@terrynini38514) from DEVCORE Research Team"
},
"title": "Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-32154",
"datePublished": "2024-05-03T01:56:37.467Z",
"dateReserved": "2023-05-03T20:10:47.060Z",
"dateUpdated": "2024-09-20T20:29:37.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2169 (GCVE-0-2024-2169)
Vulnerability from cvelistv5 – Published: 2024-03-19 19:50 – Updated: 2024-09-04 12:04
VLAI?
Title
Implementations of UDP application protocols are susceptible to network loops and denial of service
Summary
Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.
Severity ?
7.5 (High)
CWE
- CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MikroTik | RouterOS-TFTP |
Affected:
* , ≤ 7.13.2
(custom)
|
||||||||||||
|
||||||||||||||
Credits
Thanks to the reporters Yepeng Pan and Christian Rossow from the CISPA Helmholtz Center for Information Security, Germany.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-04T12:04:51.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/417980"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/417980"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/04/1"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mikrotik:routeros_tftp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "routeros_tftp",
"vendor": "mikrotik",
"versions": [
{
"lessThanOrEqual": "7.13.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:wds:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wds",
"vendor": "microsoft",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:dproxy-nexgen_project:dproxy-nexgen:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dproxy-nexgen",
"vendor": "dproxy-nexgen_project",
"versions": [
{
"lessThanOrEqual": "0.5",
"status": "affected",
"version": "0.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:48:38.161456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:53:26.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RouterOS-TFTP",
"vendor": "MikroTik",
"versions": [
{
"lessThanOrEqual": "7.13.2",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"product": "WDS",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"product": "dproxy-nexgen",
"vendor": "dproxy-nexgen",
"versions": [
{
"lessThanOrEqual": "0.5",
"status": "affected",
"version": "0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks to the reporters Yepeng Pan and Christian Rossow from the CISPA Helmholtz Center for Information Security, Germany."
}
],
"descriptions": [
{
"lang": "en",
"value": "Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-406: Insufficient Control of Network Message Volume (Network Amplification)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T19:59:53.925Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/417980"
},
{
"url": "https://www.kb.cert.org/vuls/id/417980"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Implementations of UDP application protocols are susceptible to network loops and denial of service",
"x_generator": {
"engine": "VINCE 2.1.12",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-2169"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-2169",
"datePublished": "2024-03-19T19:50:10.700Z",
"dateReserved": "2024-03-04T16:29:42.695Z",
"dateUpdated": "2024-09-04T12:04:51.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30800 (GCVE-0-2023-30800)
Vulnerability from cvelistv5 – Published: 2023-09-07 15:43 – Updated: 2025-11-21 16:14
VLAI?
Title
MikroTik RouterOS Web Interface Heap Corruption
Summary
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
Severity ?
7.5 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
Credits
Jacob Baines
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30800",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:04:33.430241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:04:47.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"x86",
"ARM",
"PPC",
"MIPSBE"
],
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"status": "unaffected",
"version": "6.49.10"
},
{
"status": "affected",
"version": "6.49.9"
},
{
"status": "affected",
"version": "6.48.8"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.49.9:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.48.8:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server\u0027s heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\u003cbr\u003e"
}
],
"value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server\u0027s heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected."
}
],
"impacts": [
{
"capecId": "CAPEC-123",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-123 Buffer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:14:51.409Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MikroTik RouterOS Web Interface Heap Corruption",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-30800",
"datePublished": "2023-09-07T15:43:54.429Z",
"dateReserved": "2023-04-18T10:31:45.962Z",
"dateUpdated": "2025-11-21T16:14:51.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-30799 (GCVE-0-2023-30799)
Vulnerability from cvelistv5 – Published: 2023-07-19 14:56 – Updated: 2025-11-21 16:13
VLAI?
Title
MikroTik RouterOS Administrator Privilege Escalation
Summary
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
Severity ?
9.1 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/MarginResearch/FOISted"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30799",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:50:26.181727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:50:44.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"x86",
"ARM",
"64 bit",
"mips",
"ppc"
],
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"lessThan": "6.49.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.48.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.49.7",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.48.6",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eMikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.\u003c/div\u003e"
}
],
"value": "MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:13:26.803Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/mikrotik-foisted"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/MarginResearch/FOISted"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MikroTik RouterOS Administrator Privilege Escalation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-30799",
"datePublished": "2023-07-19T14:56:17.362Z",
"dateReserved": "2023-04-18T10:31:45.962Z",
"dateUpdated": "2025-11-21T16:13:26.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-3981 (GCVE-0-2019-3981)
Vulnerability from cvelistv5 – Published: 2020-01-14 18:13 – Updated: 2024-08-04 19:26
VLAI?
Summary
MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WinBox",
"vendor": "MikroTik",
"versions": [
{
"status": "affected",
"version": "Winbox 3.20 and below."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client\u0027s authentication protocol and recover the user\u0027s username and MD5 hashed password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-14T18:13:57.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WinBox",
"version": {
"version_data": [
{
"version_value": "Winbox 3.20 and below."
}
]
}
}
]
},
"vendor_name": "MikroTik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client\u0027s authentication protocol and recover the user\u0027s username and MD5 hashed password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-01",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3981",
"datePublished": "2020-01-14T18:13:57.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3943 (GCVE-0-2019-3943)
Vulnerability from cvelistv5 – Published: 2019-04-10 20:01 – Updated: 2024-08-04 19:26
VLAI?
Summary
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
Severity ?
No CVSS data available.
CWE
- CWE-23 - Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"status": "affected",
"version": "Stable 6.43.12 and below"
},
{
"status": "affected",
"version": "Long-term 6.42.12 and below"
},
{
"status": "affected",
"version": "Testing 6.44beta75 and below"
}
]
}
],
"datePublic": "2019-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T20:01:00.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RouterOS",
"version": {
"version_data": [
{
"version_value": "Stable 6.43.12 and below"
},
{
"version_value": "Long-term 6.42.12 and below"
},
{
"version_value": "Testing 6.44beta75 and below"
}
]
}
}
]
},
"vendor_name": "MikroTik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-16",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3943",
"datePublished": "2019-04-10T20:01:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}