Several vulnerabilities found in RouterOS that Affected MikroTik Routers
Tenable researcher, Jacob Baines, has discovered multiple vulnerabilities in the Mikrotik routers; four separate security flaws that are vulnerable to hacking attacks. Mikrotik made it into the news in September after it was discovered routers had been hijacked using a security flaw on the RouterOS, and attackers we able to spy on users.
RouterOS, Mikrotik’s operating system was found to have around four security flaws. This includes a remote code execution vulnerability (CVE-2018-1156), File upload memory exhaustion flaw (CVE-2018-1157), recursive JSON parsing stack exhaustion (CVE-2018-1158), and www memory corruption (CVE-2018-1159).
While these are separate vulnerabilities, they all require legitimate user credentials before being able to exploit. These vulnerabilities are particularly dangerous, allowing an attacker to gain full control of the system, by remote attacks.
This security vulnerability has been exploited in the past, memorably the hacking of 7500 routers for intercepting user’s traffic and the cryptojacking campaign in which routers were exploited for cryptocurrency mining.
According the Tenable the multiple vulnerabilities affected RouterOS versions 6.42.6 and 6.40.8. Tanable contacted MikroTik in May 2018 to inform them about the flaws, after which Mikrotik released patches to fix the issue. However, not everyone is vigilant with patching their router when these flaws become known, and Jacob Baines has estimated that around 200,000 routers across the world may still be open to this exploit.
We second Tenable’s statement in encouraging users to update their system to the latest patch at the earliest possible time to help protect against these security vulnerabilities.