Saturday, May 4, 2024

Critical MikroTik RouterOS Flaw Exposes 900,000 Systems to Cyber Attacks

By Eswar

MikroTik RouterOS were vulnerable to a privilege escalation vulnerability which was first disclosed in June 2022 at REcon. The vulnerability existed on the x86 Virtual Machines of RouterOS, where a root shell can be obtained.

However, the new CVE for this vulnerability was assigned only in the middle of July 2023 when researchers at Vulncheck published new exploits for this vulnerability that can exploit a wider range of Hardware.

MikroTik released patches for this vulnerability on their stable release version 6.49.7.

Further investigations revealed that 6.49.7 was the most installed version of the RouterOS, followed by the 6.48.6 version.

Most installed RouterOS versions (Source: Vulncheck)

CVE-2023-30799: Privilege Escalation from Admin to Super Admin

This vulnerability exists due to improper privilege management on the RouterOS versions 6.49.7 through 6.48.6, allowing threat actors to escalate their privileges from admin to super-admin on the Winbox or HTTP interface.

This can lead to arbitrary code execution on the system by the threat actor. The CVSS score for this vulnerability was given as 9.1 (Critical). Reports indicated that more than 900K routers were vulnerable to CVE-2023-30799.

Authentication Required But Still Dangerous

Though this vulnerability requires authentication, it is easier to obtain the credentials as most installations do not change the default “admin” username. Things got even worse when RouterOS prompted their users to set a blank password in October 2021.

In addition to this, the RouterOS was also vulnerable to brute force attacks on their API port. Nearly 400K routers were exposing their API ports to the internet, which is less when compared to the Winbox or HTTP interface exposure.

Vulncheck has released a complete report on this vulnerability which mentions the origin, exploitation, and other information.

For optimal security, it is recommended that users promptly update to the latest version (6.49.8 or 7.x) and apply the necessary patch to address the vulnerability.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNewsLinkedinTwitterand Facebook.

Managed WAF Protection

Website

Latest articles

cyber security

Mal.Metrica Malware Hijacks 17,000+ WordPress Sites

Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request...
cyber security

Hackers Exploit Microsoft Graph API For C&C Communications

An emerging threat leverages Microsoft's Graph API to facilitate command-and-control (C&C) communications through Microsoft...
cyber security

ApacheMQ Authentication Flaw Let Unauthorized Users Perform Multiple Actions

Apache ActiveMQ is a Java based communication management tool for communicating with multiple components...
cyber security

68% of Data Breach Occurs Due to Social Engineering Attacks

In the latest edition of Verizon's Data Breach Investigations Report (DBIR) for 2024, a...
cyber security

U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers

The United States government has issued a stark warning about a new wave of...
Cisco

Cisco IP Phone Vulnerability Let Attackers Trigger DoS Attack

Cisco has disclosed multiple vulnerabilities in its IP Phone firmware that could severely impact...
cyber security

Threat Actors Renting Out Compromised Routers To Other Criminals

APT actors and cybercriminals both exploit proxy anonymization layers and VPN nodes to mask...
Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]