Exploiting MikroTik RouterOS Hardware with CVE-2023-30799(vulncheck.com)

posted 1 year ago

rayman30@lemmy.worldM

mikrotik@lemmy.world

2 commentshide report

Up until version 6.49.8 (July 20, 2023), MikroTik RouterOS Long-term was vulnerable to CVE-2023-30799. Remote and authenticated attackers can use the vulnerability to get a root shell on the router.

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments

[ - ]

skysurfer@lemmy.world

2 points

1 year ago

This only seems to impact instances that have Webfig or Winbox exposed to the attacker and not on the latest Long-term release. As long as those are not exposed to the internet the risk is minimal.

Sadly, as the article pointed out, it seems that potentially hundreds of thousands of vulnerable instances are exposed to the internet.

permalink

report

[ - ]

rayman30@lemmy.worldOPM

1 point

1 year ago

Makes me wonder why the default config enables those services on the outside interface anyway.

permalink

report

parent

Mikrotik

!mikrotik@lemmy.world

Create post

A community-contributed sublemmy for all things Mikrotik. General ISP and network discussion also permitted. Please ensure if you’re asking a question you have checked the Wiki First: https://help.mikrotik.com

Mikrotik Rules: Don’t post content that is incorrect or potentially harmful to a router/network.

This in itself is not a bannable offence but answers that are verifiably incorrect or will cause issues for other users will be edited or removed.

Examples: Factual errors - “EOIP is always unsecure” Configuration problems - Config that would disable all physical interfaces on a router Trolling - “Downgrade it to 5.26”

Community stats

21
Monthly active users
42
Posts
55
Comments

Community moderators

rayman30@lemmy.world