silversurfer
A chain of vulnerabilities in MikroTik routers could allow an attacker to gain a backdoor. The chain starts with DNS poisoning, goes on to downgrading the installed version of MikroTik's RouterOS software, and ends with enabling a backdoor.
Tenable researchers found the vulnerabilities and disclosed two to MikroTik on September 11, 2019 (CVE-2019-3976 and CVE-2019-3977) and two more on September 13, 2019 (CVE-2019-3978 and CVE-2019-3979). It said, "By chaining these vulnerabilities, an unauthenticated remote attacker with access to port 8291 on the router, can perform a RouterOS downgrade, reset the system passwords, and potentially gain a root shell." MikroTik released patches on October 28, 2019.
MikroTik Router Vulnerabilities Can Lead to Backdoor Creation
www.securityweek.com