This will appear in the RouterOS logs, as a WinBox connection attempt that fails, and then a second attempt, which is successful. The remote user can then log in, and take control of the router. While it currently remains uncertain exactly how the exploit works, it would appear that a remote user can connect to the WinBox port (which is port 8291 by default), and download a user database file, without successfully authenticating.
Version 6.42.1 for current (and v6.43rc4 for release candidate), has just been released, which has fixed this vulnerability, and should be upgraded to as soon as possible. This is currently effecting RouterOS versions v6.29 through to v6.42 in the current channel (and up to v6.43rc3 in the release candidate channel). It was discovered on the 23rd of April 2018, that there was a remote vulnerability being exploited in the wild, that is exploiting the Winbox service on RouterOS based devices (Mikrotik / Routerboard devices).
0 kommentar(er)
