Friday, November 15, 2024
HomeCyber Security NewsCritical MikroTik RouterOS Flaw Exposes 900,000 Systems to Cyber Attacks

Critical MikroTik RouterOS Flaw Exposes 900,000 Systems to Cyber Attacks

Published on

MikroTik RouterOS were vulnerable to a privilege escalation vulnerability which was first disclosed in June 2022 at REcon. The vulnerability existed on the x86 Virtual Machines of RouterOS, where a root shell can be obtained.

However, the new CVE for this vulnerability was assigned only in the middle of July 2023 when researchers at Vulncheck published new exploits for this vulnerability that can exploit a wider range of Hardware.

MikroTik released patches for this vulnerability on their stable release version 6.49.7.

- Advertisement - SIEM as a Service

Further investigations revealed that 6.49.7 was the most installed version of the RouterOS, followed by the 6.48.6 version.

Most installed RouterOS versions (Source: Vulncheck)

CVE-2023-30799: Privilege Escalation from Admin to Super Admin

This vulnerability exists due to improper privilege management on the RouterOS versions 6.49.7 through 6.48.6, allowing threat actors to escalate their privileges from admin to super-admin on the Winbox or HTTP interface.

This can lead to arbitrary code execution on the system by the threat actor. The CVSS score for this vulnerability was given as 9.1 (Critical). Reports indicated that more than 900K routers were vulnerable to CVE-2023-30799.

Authentication Required But Still Dangerous

Though this vulnerability requires authentication, it is easier to obtain the credentials as most installations do not change the default “admin” username. Things got even worse when RouterOS prompted their users to set a blank password in October 2021.

In addition to this, the RouterOS was also vulnerable to brute force attacks on their API port. Nearly 400K routers were exposing their API ports to the internet, which is less when compared to the Winbox or HTTP interface exposure.

Vulncheck has released a complete report on this vulnerability which mentions the origin, exploitation, and other information.

For optimal security, it is recommended that users promptly update to the latest version (6.49.8 or 7.x) and apply the necessary patch to address the vulnerability.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...