Sunday, April 6, 2025
Follow us On Linkedin
HomeCyber Security NewsCritical MikroTik RouterOS Flaw Exposes 900,000 Systems to Cyber Attacks

Critical MikroTik RouterOS Flaw Exposes 900,000 Systems to Cyber Attacks

Cyber Security NewsVulnerability

Published on

By Eswar
Critical MikroTik RouterOS Flaw Exposes 900,000 Systems to Cyber Attacks

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

MikroTik RouterOS were vulnerable to a privilege escalation vulnerability which was first disclosed in June 2022 at REcon. The vulnerability existed on the x86 Virtual Machines of RouterOS, where a root shell can be obtained.

However, the new CVE for this vulnerability was assigned only in the middle of July 2023 when researchers at Vulncheck published new exploits for this vulnerability that can exploit a wider range of Hardware.

MikroTik released patches for this vulnerability on their stable release version 6.49.7.

- Advertisement - Google News

Further investigations revealed that 6.49.7 was the most installed version of the RouterOS, followed by the 6.48.6 version.

Most installed RouterOS versions (Source: Vulncheck)

CVE-2023-30799: Privilege Escalation from Admin to Super Admin

This vulnerability exists due to improper privilege management on the RouterOS versions 6.49.7 through 6.48.6, allowing threat actors to escalate their privileges from admin to super-admin on the Winbox or HTTP interface.

This can lead to arbitrary code execution on the system by the threat actor. The CVSS score for this vulnerability was given as 9.1 (Critical). Reports indicated that more than 900K routers were vulnerable to CVE-2023-30799.

Authentication Required But Still Dangerous

Though this vulnerability requires authentication, it is easier to obtain the credentials as most installations do not change the default “admin” username. Things got even worse when RouterOS prompted their users to set a blank password in October 2021.

In addition to this, the RouterOS was also vulnerable to brute force attacks on their API port. Nearly 400K routers were exposing their API ports to the internet, which is less when compared to the Winbox or HTTP interface exposure.

Vulncheck has released a complete report on this vulnerability which mentions the origin, exploitation, and other information.

For optimal security, it is recommended that users promptly update to the latest version (6.49.8 or 7.x) and apply the necessary patch to address the vulnerability.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Cyber Security News

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir...
Cyber Security News

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti...
cyber security

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing...
ChatGPT

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

Cyber Security News

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir...
Cyber Security News

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti...
cyber security

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved