Hundreds of thousands of MikroTik devices still vulnerable to botnets

silversurfer

Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks.

MikroTik is a Latvian manufacturer of routers and wireless ISPs who has sold over 2,000,000 devices globally.

In August, the Mēris botnet exploited vulnerabilities in MikroTik routers to create an army of devices that performed a record-breaking DDoS attack on Yandex. MikroTik explained that the threat actors behind the attack exploited vulnerabilities fixed in 2018 and 2019, but that users hadn't applied.

Researchers have found that far too many remain vulnerable to three critical remote code execution flaws that can lead to a complete device takeover despite all of these warnings and attacks. As illustrated in a report published by Eclypsium today, the situation remains highly problematic.

Researchers from Eclypsium scanned the Internet for MikroTik devices that are still vulnerable to the following four CVEs:
  • CVE-2019-3977: Remote OS downgrade and system reset. CVSS v3 – 7.5
  • CVE-2019-3978: Remote unauthenticated cache poisoning. CVSS v3 – 7.5
  • CVE-2018-14847: Remote unauthenticated arbitrary file access and write. CVSS v3 – 9.1
  • CVE-2018-7445: Buffer overflow enabling remote access and code execution. CVSS v3 – 9.8
The devices need to run RouterOS version 6.45.6 or older to be eligible for exploitation and have their WinBox protocol exposed to the Internet.
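The two conditions in the post (RouterOS 6.45.6 or older, and WinBox reachable from the Internet) are easy to turn into an inventory triage check. The script below is an added example, not code from Eclypsium, MikroTik or the original post: it parses RouterOS version strings (including rc/beta pre-releases and a trailing "(stable)" channel tag), compares them against the 6.45.6 threshold, and reports which constructed sample devices are both on an affected version and exposed. Hostnames, versions and exposure flags in the sample inventory are made up; the CVE ids and CVSS scores are copied from the post.

```python
"""Triage a MikroTik inventory against the exposure conditions given in the post:
RouterOS <= 6.45.6 and the WinBox service reachable from the Internet.
Example code added here; not from Eclypsium, MikroTik or the original post."""
import re
from typing import NamedTuple

# Threshold stated in the post: 6.45.6 or older is in scope for the four CVEs.
LAST_AFFECTED = "6.45.6"

# CVE ids and CVSS scores as listed in the post.
CVES = {
    "CVE-2019-3977": "remote OS downgrade and system reset (CVSS 7.5)",
    "CVE-2019-3978": "remote unauthenticated cache poisoning (CVSS 7.5)",
    "CVE-2018-14847": "remote unauthenticated arbitrary file access and write (CVSS 9.1)",
    "CVE-2018-7445": "buffer overflow enabling remote access and code execution (CVSS 9.8)",
}

# Accepts "6.45.6", "6.46", "6.45rc2", "7.1.5" and an optional trailing "(stable)"-style tag.
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(rc|beta)(\d+))?(?:\s*\([^)]*\))?$", re.IGNORECASE
)


class Version(NamedTuple):
    major: int
    minor: int
    patch: int
    final: int  # 1 for a release, 0 for rc/beta (pre-releases sort before the release)
    pre: int    # rc/beta number, 0 for a release


def parse_routeros_version(text: str) -> Version:
    """Parse a RouterOS version string into a tuple that compares in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version string: {text!r}")
    major, minor, patch, tag, pre = m.groups()
    return Version(int(major), int(minor), int(patch or 0), 0 if tag else 1, int(pre or 0))


def is_affected_version(text: str) -> bool:
    """True when the version is 6.45.6 or older (tuple comparison handles pre-releases)."""
    return parse_routeros_version(text) <= parse_routeros_version(LAST_AFFECTED)


def assess(device: dict) -> dict:
    """Classify one device record: {'host', 'version', 'winbox_internet_exposed'}."""
    affected = is_affected_version(device["version"])
    exposed = bool(device.get("winbox_internet_exposed"))
    if affected and exposed:
        status = "EXPLOITABLE"            # both conditions from the post hold
    elif affected:
        status = "VULNERABLE_NOT_EXPOSED"  # still needs the upgrade, but not Internet-reachable
    else:
        status = "NOT_AFFECTED"
    return {
        "host": device["host"],
        "version": device["version"],
        "status": status,
        "cves": sorted(CVES) if affected else [],
    }


def triage(inventory: list) -> list:
    """Assess every device in the inventory."""
    return [assess(d) for d in inventory]


# Constructed sample inventory; hostnames, versions and exposure flags are made up.
SAMPLE_INVENTORY = [
    {"host": "rtr-branch-01", "version": "6.44.3", "winbox_internet_exposed": True},
    {"host": "rtr-branch-02", "version": "6.45.6 (stable)", "winbox_internet_exposed": False},
    {"host": "rtr-lab-05", "version": "6.45rc2", "winbox_internet_exposed": True},
    {"host": "rtr-lab-07", "version": "6.46rc1", "winbox_internet_exposed": True},
    {"host": "rtr-core-01", "version": "6.48.6", "winbox_internet_exposed": True},
    {"host": "rtr-edge-03", "version": "7.1.5", "winbox_internet_exposed": False},
]

if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(f"{r['host']:<14} {r['version']:<16} {r['status']}")
```

The version tuple puts a pre-release below its final release, so 6.45rc2 is flagged (it predates 6.45.6) while 6.46rc1 is not. Exposure is taken from an inventory flag rather than probed, so the check runs offline against whatever source of truth (CMDB, config backups) records which devices have WinBox reachable from outside.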