MikroTik: URGENT security advisory

Hello,

 

It has come to our attention that a rogue botnet is  currently using a vulnerability in the RouterOS Winbox service, that was  patched in RouterOS v6.42.1 in April 23, 2018. 

 

Since all RouterOS devices offer free upgrades with just  two clicks, we urge you to upgrade your devices with the "Check for  updates" button, if you haven't done so already. 

 

Steps to be taken: 

 

- Upgrade RouterOS to the latest release

- Change your password after upgrading

- Restore your configuration and inspect it for unknown  settings

- Implement a good firewall according to the article  here: 

 

https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router

 

All versions from 6.29 (release date: 2015/28/05) to 6.42  (release date 2018/04/20) are vulnerable. Is your device affected? If you have  open Winbox access to untrusted networks and are running one of the affected  versions: yes, you could be affected. Follow advice above. If Winbox is not  available to internet, you might be safe, but upgrade still recommended.

 

More information about the issue can be found here: https://blog.mikrotik.com

 

Best regards,

MikroTik

Aanmelden of registreren om een reactie te posten