(I)IoT Security News
News, Vulnerabilities

New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access

A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought.

A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year.

The vulnerability, identified as CVE-2018-14847, was initially rated as medium in severity but should now be rated critical because the new hacking technique used against vulnerable MikroTik routers allows attackers to remotely execute code on affected devices and gain a root shell.

The vulnerability impacts Winbox—a management component for administrators to set up their routers using a Web-based interface—and a Windows GUI application for the RouterOS software used by the MikroTik devices.

The vulnerability allows “remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID.”

New Hack Turned ‘Medium’ MikroTik Vulnerability Into ‘Critical’

However, the new attack method found by Tenable Research exploits the same vulnerability and takes it to one step ahead.

A PoC exploit, called “By the Way,” released by Tenable Research Jacob Baines, first uses directory traversal vulnerability to steal administrator login credentials from user database file and the then writes another file on the system to gain root shell access remotely.

In other words, the new exploit could allow unauthorized attackers to hack MikroTik’s RouterOS system, deploy malware payloads or bypass router firewall protections.

The technique is yet another security blow against MikroTik routers, which was previously targeted by the VPNFilter malware and used in an extensive cryptojacking campaign uncovered a few months ago.

New MikroTik Router Vulnerabilities

Besides this, Tenable Research also disclosed additional MikroTik RouterOS vulnerabilities, including:

The vulnerabilities impact Mikrotik RouterOS firmware versions before 6.42.7 and 6.40.9.

Tenable Research reported the issues to MikroTik in May, and the company addressed the vulnerabilities by releasing its RouterOS versions 6.40.9, 6.42.7 and 6.43 in August.

While all the vulnerabilities were patched over a month ago, a recent scan by Tenable Research revealed that 70 percent of routers (which equals to 200,000) are still vulnerable to attack.

The bottom line: If you own a MikroTik router and you have not updated its RouterOS, you should do it right now.

Also, if you are still using default credentials on your router, it is high time to change the default password and keep a unique, long and complex password.

 

Source:

https://thehackernews.com/2018/10/router-hacking-exploit.html

 

 

 

Related posts

Siemens SIMATIC WinCC and PCS7 (Update A)

(I) IoT
5 years ago

Schneider Electric ProClima

(I) IoT
5 years ago

KUKA.Sim Pro

(I) IoT
5 years ago
Exit mobile version