MikroTik routers are in the news once again. Allegedly, a researcher discovered several vulnerabilities in MikroTik routers that could result in a complete system compromise. Moreover, he also found a new way to exploit a previously discovered vulnerability, through which an attacker could gain root access to the device.
Vulnerabilities In RouterOS Used In MikroTik Routers
A researcher at Tenable has discovered several vulnerabilities in MikroTik routers. Specifically, he discovered four different security flaws in RouterOS that could enable attacks.
As discovered by Jacob Baines, the Tenable researcher, MikroTik's operating system, RouterOS, had four different security flaws. These include a remote code execution vulnerability (CVE-2018-1156), a file upload memory exhaustion flaw (CVE-2018-1157), a recursive JSON parsing stack exhaustion flaw (CVE-2018-1158), and a www memory corruption flaw (CVE-2018-1159).
All these vulnerabilities, despite being different, had one thing in common: they all required legitimate user credentials for authentication before they could be exploited. While all four vulnerabilities were dangerous, the RCE flaw was classed as critical, since it could allow a remote attacker to take full control of the target system. As stated in Tenable's advisory regarding these vulnerabilities,
“If the authenticated RCE vulnerability (CVE-2018-1156) is used against routers with default credentials, an attacker can potentially gain full system access, granting them the ability to divert and reroute traffic and gain access to any internal system that uses the router.”
POC For A Previous Directory Traversal Vulnerability
Baines also discovered a new attack method that turns the previously medium-severity bug (CVE-2018-14847) into a critical one. After accessing the system by exploiting this bug, an attacker could execute any code and upload malware. As Baines told ThreatPost,
“By exploiting the flaw, the remote attacker can get a root shell on the device as well as bypass the router’s firewall, gain access to the internal network, and even load malware onto victims’ systems undetected.”
This vulnerability has also been exploited for hacking MikroTik routers in the past. Some recent incidents include the Brazilian cryptojacking campaign and the hacking of thousands of routers for intercepting users’ traffic.
Patched Versions Available
According to Tenable, the vulnerabilities allegedly affected RouterOS versions 6.42.6 and 6.40.8. Tenable informed MikroTik about the flaws in May 2018. After that, the firm confirmed that patches are available. MikroTik then released fixes for these flaws in RouterOS versions 6.40.9, 6.42.7, and 6.43.
While updates are already available, Baines fears that around 200,000 routers across the world still remain vulnerable to the flaws. Users should therefore make sure that their routers are running the patched firmware versions. If your device runs an older, vulnerable version, update it as soon as possible.
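To check a fleet against the fixed releases listed above, the following added example (not code from Tenable, MikroTik or the original article) classifies RouterOS version strings by release branch. The inventory, hostnames and the `triage` helper are constructed for illustration, and it assumes that releases after 6.43 keep the fixes and that pre-release builds need manual review.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release branch.
BRANCH_FIXES = {(6, 40): (6, 40, 9), (6, 42): (6, 42, 7)}
# Assumption: 6.43 and every later release carries the fixes.
FIRST_FIXED_MAINLINE = (6, 43, 0)

# Accepts "6.42.6", "6.43rc21" and a trailing channel label such as "(stable)".
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?((?:rc|beta)\d+)?(?:\s*\([^)]*\))?$"
)


def parse(version):
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3] or 0)), m[4] is not None


def triage(version):
    """Classify a version string as 'patched', 'update' or 'review'."""
    try:
        release, prerelease = parse(version)
    except ValueError:
        return "review"  # unparseable: a human has to look at it
    if prerelease:
        # The article does not say which rc/beta builds contain the fixes.
        return "review"
    if release >= FIRST_FIXED_MAINLINE:
        return "patched"
    floor = BRANCH_FIXES.get(release[:2])
    if floor is not None and release >= floor:
        return "patched"
    # Conservative assumption: anything else below 6.43 needs the update.
    return "update"


# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = {
    "edge-gw-01": "6.42.6 (stable)",
    "branch-rtr-07": "6.40.9 (bugfix)",
    "lab-rtr-02": "6.43rc21",
    "core-rtr-03": "6.41.4",
    "dc-rtr-11": "6.43",
}

if __name__ == "__main__":
    for host, version in sorted(INVENTORY.items()):
        print(f"{host:15} {version:18} {triage(version)}")
```

A plain numeric comparison against 6.43 would wrongly flag 6.40.9 and 6.42.7, which is why the check is done per branch.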