Shodan
Vulnerabilities
Vulnerable Software
Mikrotik:  >> Routeros  >> 6.41.4  Security Vulnerabilities
CVE-2019-3924
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
CVSS Score
7.5
EPSS Score
0.137
Published
2019-02-20
CVE-2018-1156
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system.
CVSS Score
8.8
EPSS Score
0.042
Published
2018-08-23
CVE-2018-1157
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request.
CVSS Score
6.5
EPSS Score
0.023
Published
2018-08-23
CVE-2018-1158
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON.
CVSS Score
6.5
EPSS Score
0.013
Published
2018-08-23
CVE-2018-1159
Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting.
CVSS Score
6.5
EPSS Score
0.011
Published
2018-08-23
CVE-2018-14847
Known exploited
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
CVSS Score
9.1
EPSS Score
0.928
Published
2018-08-02
CVE-2018-10066
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).
CVSS Score
8.1
EPSS Score
0.008
Published
2018-04-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved