CVE-2017-8338
HIGHMikroTik RouterOS 6.38.5 - Unauthenticated Denial of Service via UDP Flood on Port 500
Title source: llmDescription
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2017050062
Exploit, Third Party Advisory x_refsource_misc
https://www.vulnerability-lab.com/get_content.php?id=2064
Exploit, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/May/59
Exploit, Third Party Advisory x_refsource_misc
https://packetstormsecurity.com/files/142538/MikroTik-RouterBoard-6.38.5-Denial-Of-Service.html
Scores
CVSS v3
7.5
EPSS
0.0421
EPSS Percentile
89.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
mikrotik/routeros
6.38.5
Published
May 18, 2017
Tracked Since
Feb 18, 2026