OVER 17 THOUSAND ROUTERS IN KAZAKHSTAN ARE POTENTIALLY VULNERABLE TO MIKROTIK ROUTEROS VULNERABILITY
Recently, the media has learnt about a vulnerability in MikroTik RouterOS. By exploiting it, an attacker will be able to escalate privileges from simple administrator to super admin (built-in administrator account).
Authentication is required to exploit the vulnerability, but even that is not a problem for a hacker, as RouterOS has standard administrator credentials installed by default. MikroTik’s security instructions recommend removing the administrator credentials when installing the router. Simply put, change the password, but most people ignore this recommendation.
The National Computer Incident Response Service has conducted an analysis which revealed that 17,000 routers in Kazakhstan are potentially affected by the vulnerability, some of which have started applying updates. To date, 5,128 routers have clear signs of the vulnerability.
Organizations using vulnerable versions of the MikroTik RouterOS product are advised to immediately apply updates from the official source in accordance with the organization’s policy rules. It is also recommended to remove administrative interfaces from the Internet, restrict IP access to a specific list of permissions, disable Winbox and use SSH only, and configure SSH to use public and private keys instead of passwords.
For reference: in early RouterOS builds below 6.49, the default admin password is an empty string, and almost 60% of MikroTik routers still use it.