Community discussions

MikroTik App
 
silversword
newbie
Topic Author
Posts: 43
Joined: Tue Jul 23, 2013 3:36 pm

IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

Wed Oct 25, 2017 3:40 pm

See: https://research.checkpoint.com/new-iot ... rm-coming/

Can someone check my proverbial math below

MikroTik RouterOS SNMP Security Bypass Vulnerability 3.13 or earlier vulnerable
MikroTik RouterOS Admin Password Change 4.x or earlier vulnerable
MikroTik Router Remote Denial Of Service 5.15 or earlier vulnerable

So minimum firmware requirement is: 5.16 or later?

Is there a running CVE list of Mikrotik issues somewhere that is regularly updated as new things are found?

Thx David
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1816
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

Wed Oct 25, 2017 4:02 pm

Where do you have this infomation from as the link directs to page where Mikrotik has "-" for all "Seen in the Context of the current Attack?"

Are you awere that current ROS version is 6.40.4? The latest 5.x version is 5.26 and is long long time obsolete? Why are you bothering about 3.x and 4.x devices? Do you use them? It is as asking for Win 98 problems in the era of Win 10.
Real admins use real keyboards.
 
silversword
newbie
Topic Author
Posts: 43
Joined: Tue Jul 23, 2013 3:36 pm

Re: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

Wed Oct 25, 2017 5:19 pm

Well I was just doing my due diligence on security patches, and wanted to make sure I wasn't missing anything (was surprising me to see 5.x was the latest one too). I had to search for the CVE's using the listed descriptions as there was no official numbers listed. I'm sure there are a couple old devices out in the world, just wanted to make sure I wasn't missing anything :)

...and while I was at it looking to see if there's a nice spreadsheet listing all known vulnerabilities. I'm sure device vendors don't like to make it easy to see they've had problems in the past, but that list could include a list of discovery date/patch date to show they're on top of fixes for mitigation :)
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1772
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

Wed Nov 01, 2017 1:23 am

i think the main reason of mikrotik mention in that topic its about bad configured devices, simple passwords or any password at all, dns and ntp servers open to internet etc etc

i think is a good think mikrotik now is brand big enough to be taken into account, that speaks loud about the number of mikrotik devices deployed in internet
 
silversword
newbie
Topic Author
Posts: 43
Joined: Tue Jul 23, 2013 3:36 pm

Re: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

Wed Nov 01, 2017 5:42 am

I think I found my answer on a public list of vulnerabilities, though it might not be complete:
https://www.cvedetails.com/vendor/12508/Mikrotik.html
 
eXS
newbie
Posts: 43
Joined: Fri Apr 14, 2017 4:01 am

Re: IoT Botnet 'IoTroop' or 'IoT Reaper' compromising Mikrotik devices

Wed Nov 01, 2017 7:23 am

I think I found my answer on a public list of vulnerabilities, though it might not be complete:
https://www.cvedetails.com/vendor/12508/Mikrotik.html
I didn't even really know about those 6.38.5 vulnerabilities - although now that i think about it i recall the 2 page thread going back & forth re: vulnerability vs device limitation

That being said - What site should I rely on for vulnerability information regarding Mikrotik/RouterOS?

Who is online

Users browsing this forum: Bing [Bot], nalawadesatyen and 84 guests