PatchSiren

MikroTik CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM MikroTik CVE published 2026-05-02

CVE-2026-7668

A medium-severity out-of-bounds read vulnerability exists in MikroTik RouterOS 6.49.8 within the SCEP Endpoint component. The flaw resides in the ASN1_STRING_data function in nova/lib/www/scep.p, where manipulation of the transactionID or messageType arguments can trigger memory access beyond allocated bounds. The attack vector is network-accessible and requires no authentication, though the CVSS 4.0 vect [truncated]

Known exploited MikroTik CVE published 2022-09-08

CVE-2018-7445

CVE-2018-7445 is a MikroTik RouterOS stack-based buffer overflow that CISA placed in the Known Exploited Vulnerabilities catalog on 2022-09-08, with a remediation due date of 2022-09-29. Organizations running RouterOS should treat this as a high-priority patching item and verify that vendor-recommended updates are applied.

Known exploited MikroTik CVE published 2021-12-01

CVE-2018-14847

CVE-2018-14847 is a MikroTik RouterOS directory traversal vulnerability that CISA has included in the Known Exploited Vulnerabilities catalog. The KEV listing is the key defensive signal here: it indicates known exploitation and directs defenders to apply vendor updates without delay.

MEDIUM MikroTik CVE published 2017-02-27

CVE-2017-6297

CVE-2017-6297 describes a MikroTik RouterOS L2TP client issue where IPsec encryption may not be enabled after a reboot. In the affected versions identified by NVD, L2TP traffic can be exposed in transit, allowing a man-in-the-middle attacker to view transmitted data unencrypted and potentially obtain the L2TP secret needed to access the server network. The vulnerability was published on 2017-02-27 and is [truncated]