As always, the best way to secure a device is to ensure it’s running the latest firmware. The company also provides other suggestions for locking down the devices. The researchers have released a free software tool that people can use to detect if their MikroTik device is either vulnerable or infected. Once hackers infect a device, they typically use it to launch further attacks, steal user data, or participate in distributed denial-of-service attacks. Combined with two other vulnerabilities located in Winbox- CVE-2019-3977 and CVE-2019-3978-Eclypsium found 300,000 vulnerable devices. The Eclypsium researchers said that CVE-2018-14847 is one of at least three high-severity vulnerabilities that remains unpatched in the Internet-connected MikroTik devices they tracked. “Collectively, this gives attackers many opportunities to gain full control over very powerful devices, positioning them to be able to target devices both behind the LAN port as well as target other devices on the Internet.” Embraced by script kiddies and nation-states alikeįurther Reading Found in the wild: Vault7 hacking tools WikiLeaks says come from CIAA few months later, researchers at security firm Trustwave discovered two malware campaigns against MikroTik routers after reverse engineering a CIA tool leaked in a WikiLeaks series known as Vault7.Īlso in 2018, China's Netlab 360 reported that thousands of MikroTik routers had been swept into a botnet by malware attacking a vulnerability tracked as CVE-2018-14847. “Given the challenges of updating MikroTik, there are large numbers of devices with these 20 vulnerabilities,” Eclypsium researchers wrote in a post. While the manufacturer has released patches, the Eclypsium research shows that a significant proportion of users has yet to install them.
The estimate, made by researchers at security firm Eclypsium, is based on Internet-wide scans that searched for MikroTik devices using firmware versions known to contain vulnerabilities that were discovered over the past three years.
As many as 300,000 routers made by Latvia-based MikroTik are vulnerable to remote attacks that can surreptitiously corral the devices into botnets that steal sensitive user data and participate in Internet-crippling DDoS attacks, researchers said.
0 kommentar(er)
