Cyber Resilience

CVE-2022-45313

HighPublic PoC

Published: 05 December 2022

Published
05 December 2022
Modified
24 April 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1351 94.4th percentile
Risk Priority 26 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-45313 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Mikrotik Routeros. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 5.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

MikroTik RouterOS versions prior to stable release 7.5 contain an out-of-bounds read vulnerability, tracked as CVE-2022-45313 and assigned CWE-125, in the hotspot process. The flaw is reachable over the network and carries a CVSS 3.1 base score of 8.8, reflecting that an authenticated attacker can supply a crafted nova message to trigger memory corruption.

An attacker with low-privileged network access can exploit the condition without user interaction to execute arbitrary code on the device, resulting in full compromise of confidentiality, integrity, and availability. The attack vector requires only that the hotspot feature be active and that the attacker can reach the management or hotspot interface.

The supplied advisory links describe the issue and provide proof-of-concept material; the version information indicates that upgrading to RouterOS 7.5 or later removes the vulnerable code path. The EPSS score has remained flat at 0.1351 with no material increase after disclosure.

EU & UK References

Vulnerability details

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mikrotik
routeros
≤ 7.5

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References