Vulnerability Database

309,234

Total vulnerabilities in the database

CVE-2019-15055

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.

Published: Aug 26, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-15055
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
mikrotik / routeros	-	6.44.5.x
mikrotik / routeros	6.45	6.45.3.x

https://fortiguard.com/zeroday/FG-VD-19-108
https://forum.mikrotik.com/viewtopic.php?t=151603
https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055
https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90
https://mikrotik.com/download/changelogs/testing-release-tree

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo