If you own a MikroTik router and you haven’t updated its RouterOS in the last month, you should do so now: Tenable Research has released details about four vulnerabilities they found in the OS, including an authenticated remote code execution flaw that can be leveraged against routers with default credentials.

MikroTik is headquartered in Riga, Latvia, and the routers they manufacture are used by ISPs across the world. “Based on Shodan analysis, there are hundreds of thousands of Mikrotik deployments worldwide, with strong concentrations in Brazil, Indonesia, China, the Russian Federation and India,” the researchers noted.

MikroTik’s routers were among those targeted by the VPNFilter malware and in an extensive cryptojacking campaign flagged a few months ago.

The four vulnerabilities discovered by Tenable researcher Jacob Baines are:

- CVE-2018-1156: A stack buffer overflow flaw that could allow remote code execution.
- CVE-2018-1157: A file upload memory exhaustion that causes the www binary to consume all memory.
- CVE-2018-1158: A recursive JSON parsing stack exhaustion flaw that could cause a crash of the www service.
- CVE-2018-1159: A memory corruption in the […]

[…] the attacker must know the username and password set up on the device, and that’s the reason why routers with default credentials are easy targets.

“If the authenticated RCE vulnerability (CVE-2018-1156) is used against routers with default credentials, an attacker can potentially gain full system access, granting them the ability to divert and reroute traffic and gain access to any internal system that uses the router,” Tenable explained.

The solution to the problem is easy: users should update their routers’ OS to version 6.42.7, 6.40.9, or 6.43 (or later).

Unlike many router makers, MikroTik seems invested in fixing flagged vulnerabilities quickly, so regularly updating your MikroTik router should help ward off most attacks. And for those that never changed the device’s default credentials, now is the perfect time to do it: change the default username (if you can) and choose a unique, long and complex password (instructions).

Default passwords are the reason why many IoT devices get conscripted into botnets and legislators are slowly trying to do something about that.
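As an added example (not from the original article, Tenable or MikroTik), the following Python sketch checks an inventory of RouterOS version strings against the fixed releases named in the article. The function names, the sample inventory and its version-string format are constructed for illustration; treating pre-release builds and branches without a named fix as unpatched is an assumption.

```python
import re

# Fixed releases named in the article: 6.40.9, 6.42.7 and 6.43 (or later).
FIXED_IN_BRANCH = {(6, 40): 9, (6, 42): 7}  # minimum patch level per branch
FIRST_FIXED_RELEASE = (6, 43)               # this release line and newer

VERSION_RE = re.compile(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(rc|beta)?")

def parse_version(text):
    """Parse strings such as '6.42.7 (stable)' or '6.43rc44'."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    return major, minor, patch, m[4] is not None

def is_patched(text):
    """True if the version is one of the fixed releases or newer."""
    major, minor, patch, prerelease = parse_version(text)
    if prerelease:
        # Assumption: release candidates and betas count as unpatched.
        return False
    if (major, minor) in FIXED_IN_BRANCH:
        return patch >= FIXED_IN_BRANCH[(major, minor)]
    # Assumption: a branch with no fixed release named in the article
    # (for example 6.41.x) is unpatched unless it is 6.43 or newer.
    return (major, minor) >= FIRST_FIXED_RELEASE

def needs_update(inventory):
    """Return the sorted hosts whose version is unpatched or unparseable."""
    flagged = []
    for host, version in inventory.items():
        try:
            ok = is_patched(version)
        except ValueError:
            ok = False  # fail closed: an unknown version needs a manual check
        if not ok:
            flagged.append(host)
    return sorted(flagged)

# Constructed sample inventory (documentation addresses, made-up versions).
SAMPLE_INVENTORY = {
    "192.0.2.1": "6.42.7 (stable)", "192.0.2.2": "6.42.6 (stable)",
    "192.0.2.3": "6.40.8 (bugfix)", "192.0.2.4": "6.41.4",
    "192.0.2.5": "6.43rc44", "192.0.2.6": "6.44.1", "192.0.2.7": "unknown",
}

if __name__ == "__main__":
    for host in needs_update(SAMPLE_INVENTORY):
        print(f"{host}: update RouterOS ({SAMPLE_INVENTORY[host]})")
```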