Firstly, outsiders should never have access to your management port. There should be no port 22, 23, 80, 443 or 8291 open to anyone other than your computer.
Secondly, this is several months old - it was disclosed at the end of April and a fix was released within a couple of days for both the Bugfix and Current release trees. Just a couple of weeks ago some kiddo released a public script, so now you and many others are panicking because you never cared about security till now. (If you cared, you would have a proper firewall and you would have updated your device months ago.)
What’s worse about @prawira’s post is that the page, linked as the second link in the OP’s post, has all the information about the exploit (including the fixed version of ROS) as well as basic instructions on how to protect the router…
Actually, thanks to this script (earlier I saw a different, not-that-complete version) I realized that there is a hidden caveat to the currently recommended “set your firewall”: MAC Winbox ignores the IP firewall (obviously you can’t use an L3 feature to filter L2 communication). That however means that even with a perfect firewall, people would be vulnerable if their MAC Winbox is listening on any interface…
Dang.. I am sure several of my devices are incorrectly set up…
I guess that MAC Winbox is slightly harder to exploit, as the attacker would need direct L2 access. That’s either from the ISP’s core infrastructure or from your own LAN. Then it all depends on how much you can trust both your ISP and your LAN users.
But then again, it’s better to over-protect your boxes.
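The two mitigations discussed above (firewalling the management ports to one admin host, and restricting MAC Winbox with interface lists because the IP firewall never sees it) as an added RouterOS configuration example; it is not from this thread or from MikroTik. The admin host 192.168.88.2 and the trusted LAN port ether2 are constructed placeholders, and the interface-list syntax assumes RouterOS 6.41 or later.

```routeros
# Added example, not part of the thread. Adjust 192.168.88.2 and ether2 to your network.

# 1. IP firewall: only the admin host may reach the management services.
/ip firewall filter
add chain=input connection-state=established,related action=accept comment="keep existing sessions"
add chain=input src-address=192.168.88.2 protocol=tcp dst-port=22,80,443,8291 action=accept comment="admin host only"
add chain=input protocol=tcp dst-port=22,23,80,443,8291 action=drop comment="everyone else"

# 2. Belt and braces: the services themselves refuse other sources, unused ones are off.
/ip service
set winbox address=192.168.88.2/32
set ssh address=192.168.88.2/32
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes

# 3. MAC Winbox / MAC telnet bypass the IP firewall (L2), so limit them by interface list.
/interface list add name=mgmt
/interface list member add list=mgmt interface=ether2
/tool mac-server mac-winbox set allowed-interface-list=mgmt
/tool mac-server set allowed-interface-list=mgmt
/ip neighbor discovery-settings set discover-interface-list=mgmt
```

Setting the lists to `none` instead of `mgmt` turns MAC access off entirely; verify the result with `/tool mac-server print` and `/tool mac-server mac-winbox print` before closing your session.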
Thanks for all of your responses; please accept my apologies for the delay.
I do know about the bug-fix upgrade that mentions the vulnerability in previous versions, but I never saw an example of the problem before.
Honestly, I just saw the proof of the mentioned vulnerability a couple of days ago and got a big shock because of that.
One of you said that I HAVE TO upgrade to the latest version, but not for me. As we all know, MikroTik engineers always fix bug A, but then bug B comes up.
The story is…
We got the brand new CRS328-24P-4SRM with ROS 6.41 installed about a month ago.
We put this new CRS in as a replacement for our old CRS, as this new unit has PoE-out features.
Our installation has VLAN tagging on bridges (formerly switch) and all of them have run fine so far.
As soon as this unit was upgraded to the latest version (6.42.6), none of our VLAN tagging worked.
So it pushed us to return to the original version.
NOTE: this CRS does not allow me to downgrade to 6.40, as the factory version is 6.41.
Well, it’s up to you. Be afraid to upgrade because there might be some unknown bug, or risk your network being hacked. Not really a tough choice, actually.
well…
The functions we need are working great on 6.41; I have not tried 6.42 to 6.42.5 yet…
But when we upgrade to 6.42.6, the latest Current version, the functions are broken.