Mikrotik devices vulnerability, upgrade now

A recent report from Tenable reveals critical vulnerabilities in Mikrotik devices. Immediate updates are crucial to protect against potential attacks.

Dmytro
mikrotik security vulnerabilities networking RouterOS cybersecurity

A few days ago, security company Tenable released a report about a series of vulnerabilities in Mikrotik devices. Mikrotik routers are widely used not only in company internal networks and for SOHO installations – many devices of this manufacturer also work in data centers, providing site-to-site VPN access.

A software bug allows attackers to exploit the Winbox protocol (tcp/8291), which the external configuration utility uses to connect to the device. An attacker can replace the software update servers with their own and either download firmware with a default password or generate a special update package containing malicious code.

This series of vulnerabilities has been identified as CVE-2019-3976, CVE-2019-3977, CVE-2019-3978, and CVE-2019-3979. The developer has released software updates for Mikrotik devices, with patched RouterOS versions numbered 6.45.7 (stable), 6.44.6 (long-term), and 6.46beta59 (testing).

We recommend that all users of Mikrotik products immediately schedule maintenance and upgrade their RouterOS-based devices. It’s also advisable to disable access to Winbox entirely or use filters to restrict this protocol to trusted IP addresses.
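To plan that maintenance, the following added example (not part of the original post or of any Mikrotik tooling) checks an inventory of RouterOS version strings against the three patched releases listed above. It assumes that anything below the fix in its own release line is unpatched and that builds order as beta < rc < release; the inventory and its addresses are constructed.

```python
import re

# Patched releases named in the post: 6.45.7 (stable), 6.44.6 (long-term),
# 6.46beta59 (testing). All other names here are hypothetical.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(beta|rc)(\d+))?$")
_STAGE = {"beta": 0, "rc": 1, None: 2}  # assumed ordering: beta < rc < release


def parse_version(text):
    """Turn '6.45.7' or '6.46beta59' into a sortable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch, stage, stage_no = m.groups()
    return (int(major), int(minor), int(patch or 0), _STAGE[stage], int(stage_no or 0))


STABLE_FIX = parse_version("6.45.7")
LONG_TERM_FIX = parse_version("6.44.6")
TESTING_FIX = parse_version("6.46beta59")


def is_patched(text):
    """True if the version is at or past the fix for its release line."""
    v = parse_version(text)
    if v[:2] == (6, 44):                      # long-term line
        return v >= LONG_TERM_FIX
    if v[:2] == (6, 46) and v[3] == _STAGE["beta"]:  # testing betas
        return v >= TESTING_FIX
    # Everything else must reach the stable fix. A plain ">= 6.44.6" test
    # would wrongly pass 6.45.0 through 6.45.6.
    return v >= STABLE_FIX


def audit(inventory):
    """Return {host: version} for devices to upgrade or review by hand."""
    flagged = {}
    for host, version in inventory.items():
        try:
            if not is_patched(version):
                flagged[host] = version
        except ValueError:
            flagged[host] = version  # unparseable string: check manually
    return flagged


# Constructed inventory using documentation addresses, not real devices.
SAMPLE = {"192.0.2.1": "6.45.6", "192.0.2.2": "6.44.6", "192.0.2.3": "6.46beta58",
          "192.0.2.4": "6.45.7", "192.0.2.5": "6.43.16", "192.0.2.6": "unknown"}

if __name__ == "__main__":
    for host, version in sorted(audit(SAMPLE).items()):
        print(f"{host}\t{version}\tneeds upgrade or review")
```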

For more details, check the following pages:
