MikroTik RouterOS
15 CVEs affecting MikroTik RouterOS. Latest disclosed: 2026-05-05. Critical: 1, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-30799 | Critical | 9.1 | 2023-07-19 | MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can esc… |
| CVE-2025-10948 | High | 8.8 | 2025-09-25 | A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson… |
| CVE-2023-32154 | High | 7.5 | 2024-05-03 | Mikrotik RouterOS RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |
| CVE-2023-30800 | High | 7.5 | 2023-09-07 | The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server'… |
| CVE-2017-8338 | High | 7.5 | 2017-05-18 | A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (… |
| CVE-2017-7285 | High | 7.5 | 2017-03-29 | A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU… |
| CVE-2017-6444 | High | 7.5 | 2017-03-12 | The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote att… |
| CVE-2026-7668 | High | 7.3 | 2026-05-02 | A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the… |
| CVE-2025-6443 | High | 7.2 | 2025-06-25 | Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected i… |
| CVE-2025-42611 | Medium | 6.5 | 2026-05-05 | RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communication… |
| CVE-2017-6297 | Medium | 5.9 | 2017-02-27 | The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to vi… |
| CVE-2025-6563 | | | 2025-07-03 | A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protoco… |
| CVE-2019-3943 | | | 2019-04-10 | MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote d… |
| CVE-2015-2350 | | | 2015-03-19 | Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for… |
| CVE-2012-6050 | | | 2012-11-27 | The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and p… |