CVE-2008-6976

MikroTik RouterOS 2.x-2.9.51 & 3.x-3.13 - Unauthenticated SNMP Set Request Modifies NMS Settings

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6976. PoCs published by ShadOS.

AI-analyzed exploit summary This exploit demonstrates a SNMP write (Set request) vulnerability in MicroTik RouterOS <=3.13, allowing unauthorized modification of the system identity via a crafted SNMP packet. The PoC constructs and sends a malicious SNMP Set request packet, bypassing the documented read-only restriction.

Description

MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ShadOS · cremotehardware
https://www.exploit-db.com/exploits/6366

This exploit demonstrates a SNMP write (Set request) vulnerability in MicroTik RouterOS <=3.13, allowing unauthorized modification of the system identity via a crafted SNMP packet. The PoC constructs and sends a malicious SNMP Set request packet, bypassing the documented read-only restriction.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: MicroTik RouterOS <=3.13
No auth needed
Prerequisites: Network access to the target device · SNMP service enabled on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44944
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31025
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6366

Scores

EPSS 0.0918
EPSS Percentile 94.7%

Details

CWE
CWE-20
Status published
Products (1)
mikrotik/routeros 2.0 - 2.9.51
Published Aug 19, 2009
Tracked Since Feb 18, 2026