Hi
some one is successfully logging in to my core router (CCR-1016) and changing DNS.
i suspended admin account but he is again login in easily with new account.
i am running Router OS v6.41.3
any one have any idea how is he doing it ?
What does the log says exactly? Login via web,telnet, winbox or ssh?
View: http://forum.mikrotik.com/t/advisory-vulnerability-exploiting-the-winbox-port-solved/118771/1 [ Advisory: Vulnerability exploiting the Winbox port [SOLVED] ]
Upgrade to >= 6.42.1 asap.