I have many Mikrotik RB750Gs deployed in many different locations. When the recent vulnerabilities were announced I began updating them as quickly as possible. However, I have many (hundreds) that are no longer accessible. (Yes, my firewall, port and security settings were obviously not strong enough to prevent infections.)

As I send a local tech out to remediate, the infected routers are blocking management access from all ports, WAN and LAN! With a back-door device connected, I cannot connect at a shell level to ports 22, 80, 443 or 8291. However, on the same property with a non-infected router I can access the Mikrotik through the same back-door technique, thus confirming this virus is locking down all management ports on the Tiks.

The only way I've been able to recover is to send a tech into the unit to do a pin-based reset, install the latest 6.40.8 software, add a firewall rule to allow remote access, and then I can remotely push my scripts to reprogram the routers. This will take weeks before I can recover all of my routers if there is no other approach.

I ran nmap on a few of the inaccessible routers and the only reported open port is 53 on UDP. I've been looking into applications like Dude, Netinstall and Linux mactelnet, but nothing so far. I'm asking the community for any other ideas or approaches I could look into.
Thanks in advance.
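The nmap triage the poster describes (management ports not answering, only 53/udp reported open), generalised to a whole fleet, as an added example that is not part of the original post or of any Mikrotik tool: it parses nmap's grepable output (`nmap -oG -`) and sorts every router into "management reachable", "locked down (only 53/udp)" or "no open ports", so the locked-down list can be handed to the field techs. The sample scan output is constructed, the 192.0.2.x addresses are documentation-range placeholders, and the port set {22, 80, 443, 8291} is assumed from the post; UDP results reported as `open|filtered` are deliberately not counted as open, because nmap cannot distinguish a silent UDP port from a filtered one.

```python
import re

# Constructed sample of nmap grepable output (nmap -oG -), not real scan data.
# The command line in the header is the scan this parser expects:
# SYN scan of the management TCP ports plus a UDP probe of port 53.
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated Sat Mar 31 10:00:00 2018 as: nmap -sS -sU -p T:22,80,443,8291,U:53 -oG - 192.0.2.10-12
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 8291/open/tcp//unknown///, 53/open/udp//domain///\tIgnored State: closed (0)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///, 443/filtered/tcp//https///, 8291/filtered/tcp//unknown///, 53/open/udp//domain///
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 22/filtered/tcp//ssh///, 80/filtered/tcp//http///, 443/filtered/tcp//https///, 8291/filtered/tcp//unknown///, 53/open|filtered/udp//domain///
# Nmap done at Sat Mar 31 10:00:05 2018 -- 3 IP addresses (3 hosts up) scanned in 5.00 seconds
"""

# RouterOS management ports named in the post (ssh, www, www-ssl, winbox).
MGMT_TCP = {22, 80, 443, 8291}

HOST_RE = re.compile(r"^Host: (\S+)")
# One entry of the "Ports:" field: port/state/proto/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/([^/]+)/(tcp|udp)/")


def parse_gnmap(text):
    """Map each scanned host to the set of (port, proto) pairs nmap reported as open.

    A host that appears in the output but has nothing open maps to an empty set.
    Only the exact state 'open' counts; 'open|filtered' (typical for UDP) is inconclusive.
    """
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment/header lines
        ip = m.group(1)
        hosts.setdefault(ip, set())
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for port, state, proto in PORT_RE.findall(field):
                if state == "open":
                    hosts[ip].add((int(port), proto))
    return hosts


def classify(open_ports):
    """Bucket a router by what the scan found open."""
    if any(proto == "tcp" and port in MGMT_TCP for port, proto in open_ports):
        return "management reachable"
    if (53, "udp") in open_ports:
        # The pattern described in the post: management ports silent, DNS still answering.
        return "locked down (only 53/udp)"
    return "no open ports"


def triage(text):
    """Return {ip: bucket} for every host in a grepable nmap report."""
    return {ip: classify(ports) for ip, ports in parse_gnmap(text).items()}


if __name__ == "__main__":
    # Usage: nmap -sS -sU -p T:22,80,443,8291,U:53 -oG - <targets> | python3 triage.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_GNMAP
    by_bucket = {}
    for ip, bucket in triage(data).items():
        by_bucket.setdefault(bucket, []).append(ip)
    for bucket, ips in sorted(by_bucket.items()):
        print(f"{bucket} ({len(ips)}):")
        for ip in sorted(ips):
            print(f"  {ip}")
```

Run it as root (UDP scanning needs raw sockets) against the fleet's management addresses and feed the output through stdin; the "locked down" bucket is the dispatch list, and re-running after each site visit gives a quick view of how many routers still need a hands-on reset.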