MikroTik version 6.40.5 kernel failure denial of service proof of concept exploit.
36f04caad4ac752ccca12cdf6117122b6b2396e310fadba93409a4509e2e9900MikroTik RouterOS version 6.x suffers from having multiple null pointer dereference vulnerabilities and a reachable assertion failure.
61fb6d95549c6db4fbf408527ea47e6a0fd075a931405f09c2ed3b080657a245MikroTik's RouterOS suffers from multiple memory corruption vulnerabilities. Various versions are affected.
db5d7fa65930b9710b80f0c424d888eade1e18945b75c10be7be6d7c0cc4bcf5MikroTik RouterOS version 6.46.5 suffers from an assertion failure and multiple memory corruption vulnerabilities.
a64685676fca951c82952a48568cc23b987ea04f6128ac9fa93f1d10f7bfbe11MikroTik RouterOS suffers from memory corruption and reachable assertion failure vulnerabilities.
55015f99b97a602f7b921cc66a0bad419e61030ea1560cd3d297e3259fc64e59MikroTik RouterOS suffers from NULL pointer dereference, memory corruption and division by zero vulnerabilities.
093cf827a466522125a9a60ebaa8035bdab73e9adbf53421b45d078526ed91b9Mikrotik RouterOS suffers from null pointer dereference and reachable assertion failure vulnerabilities.
2df20ffb503d40f9cb6c783de8944c6f8ddb31e97c0d49da69d0f06ea89a0ad1MikroTik RouterOS suffers from stack exhaustion, memory corruption, and null pointer vulnerabilities. Various 6.44.x versions are affected.
02ab3540de562be70a067e64bdbfd57ec8076c2736ff3eb6a847230788c021a5MikroTik RouterOS versions prior to stable 6.47 suffer from multiple null pointer dereference vulnerabilities and one division-by-zero vulnerability.
f62eaf7184c39f0e8b90c063e78e3e3b83c3de4f01b45d8555571c1e7818d1dfMikrotik Router Monitoring System versions 1.2.3 and below suffer from a remote SQL injection vulnerability.
3f2014e238dc93f2a700e3dbe9ea70346fd499fd10b193c4c13b64bcc33f6e43MikroTik RouterOS suffers from two vulnerabilities. The cerm process suffers from an uncontrolled resource consumption issue. By sending a crafted packet, an authenticated remote user can cause a high cpu load, which may make the device respond slowly or unable to respond. Versions until stable 6.45.7 are affected. The traceroute process suffers from a memory corruption issue. By sending a crafted packet, an authenticated remote user can crash the traceroute process due to invalid memory access. Versions until stable 6.46.4 are affected.
77175816ac4a79fca801187367574009b954279dd3a15515035cbab28819403dMikroTik RouterOS versions prior to 6.44.6 suffer from memory corruption and assertion failure vulnerabilities.
b9e283a6208f56a952f99e2174e47221c663e9cd7c8f17571ff9c7c8eeb5c785MikroTik RouterOS version 6.45.6 DNS cache poisoning exploit.
a383237105abf2d8cd196092df38ab74a7bb21e90a231ec004bccdee62539d22Mikrotik RouterOS versions prior to 6.44.5 and 6.45.1 suffer from stack and resource exhaustion vulnerabilities.
d3abfc481e4ff650ba817b959c8db1aeed9b4e0a9043efaf38c59c7dd9c780deMikroTik RouterOS versions prior to 6.43.12 (stable) and 6.42.12 (long-term) firewall and NAT bypass exploit.
76d8b41f9f478dd81cf50cfdd51f6592ff6a23a044fbd5ad0d719cc3c7cef3acAn exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. The RouterOS contains a telnet client based on GNU inetutils with modifications to remove shell subsystem. However an attacker can leverage the "set tracefile" option to write an arbitrary file into any "rw" area of the filesystem, escaping the restricted shell to gain access to a "ash" busybox shell on some versions. The file is created with root privileges regardless of the RouterOS defined group.
a939b73387c51054bd5c4c1fabbeade0aabd8445df951b5f0caf507ff0713454Mikrotik RouterOS versions 6.x suffer from a remote root code execution vulnerability.
3f8c52b062ca67ece824e00c875d47df8ead0831abf8803a9a4a87310336aa60Mikrotik WinBox version 6.42 suffers from a credential disclosure vulnerability.
facd664f6ae9c30c9f9f80e3755e975bbd10839dbf536c509f7c498a947844aaMikroTik version 6.41.4 ftp daemon denial of service proof of concept exploit.
9083c84bfb726097b0717778839eb828a579861215f9333a577516923c0d1284A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.
f596977ec0c838a1e24c8e7b3ba40756d8c45733524c4820e426799d27f008d3MikroTik RouterOS versions prior to 6.38.4 (MIPSBE) Chimay Red stack clash remote code execution exploit.
4887cd3697d5055f700b1e47d24181ad41552d949b52b2f0b254372f1a8c00acMikroTik RouterOS versions prior to 6.38.4 (x86) Chimay Red stack clash remote code execution exploit.
3d0f66446eb344c4829bbe2a36b06b9c2daee5d39d92b2e8dbb1e8547ceba83eMikroTik RouterBoard versions 6.39.2 and 6.40.5 DNS daemon denial of service proof of concept exploit.
88579439a2df3b04166fc4daa7d8edd3fdfa180e542fd56d1bc866fa43c3cc2aMikrotik RouterOS version 6.28 suffers from a cookie HTTP request header buffer overflow vulnerability.
f9094809ee7a54b5ba82c3ce861b12c63658ce45783de7698e9d5d83a472dee0Mikrotik RouterOS version 6.39.2 suffers from a FTP CWD command buffer overflow vulnerability.
a924ceacde68a55f9ad645ab470c04cb0e869ec8522c44c9e1b6c8e517add61eMikrotik RouterOS version 6.28 suffers from an FTP related buffer overflow vulnerability.
79f5a359c7974ddc06477e70b9a5972e81e458a98d7cb6f7f735c690f781c8ce
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed