Vulnerability in routerOS. See what Mikrotik recommends.
There is presently an increase in the number of Mikrotik routers being attacked online. If your devices is connected on a live IP, then you have no excuse not to following these recommendations from Mikrotik. Apart from the guidelines I have put together here on how to secure your router, Mikrotik just recently sent out emails to its customers informing them of the rise in cyber attacks on routerOS.
In the letter, Mikrotik said “It has come to our attention that a rogue botnet is currently using a vulnerability in the RouterOS Winbox service, that was patched in RouterOS v6.42.1 in April 23, 2018.” The company noted that “since all RouterOS devices offer free upgrades with just two clicks, we urge you to upgrade your devices with the “Check for updates” button, if you haven’t done so already.”
To ensure that customers are protected, Mikrotik recommends that the following steps are taken:
– Upgrade RouterOS to the latest release
– Change your password after upgrading
– Restore your configuration and inspect it for unknown settings
– Implement a good firewall according to the article here:
- You may also like: 9 things you must do on a Mikrotik router to effectively secure your network
As for which devices are affected, Mikrotik stated that “all versions from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) are vulnerable. Is your device affected? If you have open Winbox access to untrusted networks and are running one of the affected versions: yes, you could be affected. Follow advice above. If Winbox is not available to internet, you might be safe, but upgrade still recommended.”
For more information on this and on how to secure your devices, please visit https://blog.mikrotik.com