BREAKING: MikroTik has released firmware patches for RouterOS, the operating system that ships with some of its routers. The patches fix a zero-day vulnerability exploited in the wild.
A MikroTik engineer said yesterday that "the vulnerability allowed a special tool to connect to the [MikroTik] Winbox port, and request the system user database file."
The attacker would then decrypt user details found in the database, and log into the MikroTik router.
Zero-day spotted on Czech forum
According to users of a Czech technology forum, who first spotted the attacks, the hacks followed a similar pattern. The attacker would make two failed Winbox login attempts followed by a successful login, change a few services, log out, and then come back a few hours later.
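The login pattern the forum users describe can be searched for in router logs. The following is an added example, not code from this article or from MikroTik: the log line wording, the sample addresses and the function name `find_suspicious_sessions` are assumptions, and the sample log is constructed.

```python
import re

# Constructed sample log; the message wording is an assumed format, so adjust
# the patterns below to what your routers actually write.
SAMPLE_LOG = """\
09:14:02 system,error,critical login failure for user admin from 203.0.113.7 via winbox
09:14:03 system,error,critical login failure for user admin from 203.0.113.7 via winbox
09:14:05 system,info,account user admin logged in from 203.0.113.7 via winbox
09:14:20 system,info ip service changed by admin
09:14:31 system,info,account user admin logged out from 203.0.113.7 via winbox
10:02:11 system,error,critical login failure for user admin from 198.51.100.9 via winbox
10:02:40 system,info,account user admin logged in from 192.0.2.10 via winbox
10:05:00 system,info,account user admin logged out from 192.0.2.10 via winbox
"""

FAIL = re.compile(r"login failure for user (\S+) from (\S+) via winbox")
LOGIN = re.compile(r"user (\S+) logged in from (\S+) via winbox")
LOGOUT = re.compile(r"user (\S+) logged out from (\S+) via winbox")
CHANGE = re.compile(r"changed by (\S+)")

def find_suspicious_sessions(log_text, min_failures=2):
    """Return Winbox sessions matching: N failures, login, config change, logout."""
    failures = {}   # (user, ip) -> failed attempts since the last successful login
    sessions = {}   # user -> open session that was preceded by enough failures
    hits = []
    for line in log_text.splitlines():
        if m := FAIL.search(line):
            failures[m.groups()] = failures.get(m.groups(), 0) + 1
        elif m := LOGIN.search(line):
            user, ip = m.groups()
            count = failures.pop((user, ip), 0)
            if count >= min_failures:
                sessions[user] = {"user": user, "ip": ip,
                                  "failures": count, "changes": []}
        elif m := CHANGE.search(line):
            if m.group(1) in sessions:
                sessions[m.group(1)]["changes"].append(line.strip())
        elif m := LOGOUT.search(line):
            session = sessions.pop(m.group(1), None)
            if session and session["ip"] == m.group(2) and session["changes"]:
                hits.append(session)
    return hits

if __name__ == "__main__":
    for s in find_suspicious_sessions(SAMPLE_LOG):
        print(f"{s['user']} from {s['ip']}: {s['failures']} failures, then {s['changes']}")
```

A hit is a lead for review, not proof of compromise, since an administrator who mistypes a password twice and then edits services produces the same sequence.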
....
....