CVE-2018-5951

HIGH

Mikrotik RouterOS - Denial of Service via IPv6 EoIP Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-5951. PoCs published by Nat-Lab.

AI-analyzed exploit summary This PoC exploits a denial-of-service vulnerability in MikroTik RouterOS by sending a single-byte packet to an IPv6 address using IP protocol 97, causing the router to reboot. The exploit leverages improper handling of EoIPv6 tunnel ID validation.

Description

An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.

Exploits (1)

nomisec WORKING POC 6 stars
by Nat-Lab · poc
https://github.com/Nat-Lab/CVE-2018-5951

This PoC exploits a denial-of-service vulnerability in MikroTik RouterOS by sending a single-byte packet to an IPv6 address using IP protocol 97, causing the router to reboot. The exploit leverages improper handling of EoIPv6 tunnel ID validation.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: MikroTik RouterOS (versions with EoIPv6 support, including 6.39.3, 6.41, and 6.42rc11)
No auth needed
Prerequisites: IPv6 enabled on target · No IPv6 filter rule blocking IP proto 97 · At least one tunnel interface present
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Nat-Lab/CVE-2018-5951

Scores

CVSS v3 7.5
EPSS 0.0427
EPSS Percentile 89.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (1)
mikrotik/routeros
Published Mar 02, 2020
Tracked Since Feb 18, 2026