Ghostwire

CVE-2024-27686: Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service...

HIGH CVSS 7.5 Exploit Available 1 PoC

Published: May 8, 2026 | Last Modified: May 8, 2026

Description

Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
1 proof-of-concept exploit available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (1)

ThemeHackers/CVE-2024-27686

Security Coverage (2 articles)

References

www.tenable.com/cve/CVE-2024-27686
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2024-27686
github.com/ice-wzl/RouterOS-SMB-DOS-POC
www.exploit-db.com/exploits/51931
nvd.nist.gov/vuln/detail/CVE-2024-27686