Community discussions

MikroTik App
 
User avatar
chechito
Forum Guru
Forum Guru
Topic Author
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Any info about this ? ZDI-23-710 CVE-2023-32154

Thu May 18, 2023 7:34 pm

RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability

https://www.zerodayinitiative.com/advis ... DI-23-710/
https://cve.mitre.org/cgi-bin/cvename.c ... 2023-32154

12/09/22 – ZDI reported the vulnerability to the vendor during Pwn2Own Toronto.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Thu May 18, 2023 7:40 pm

I guess Mikrotik has its own implementation and is not effected.
 
jcortega
just joined
Posts: 7
Joined: Mon Dec 18, 2017 6:53 pm

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Thu May 18, 2023 7:46 pm

I guess Mikrotik has its own implementation and is not effected.
It’s an specific RouterOS vulnerability
 
r00t
Long time Member
Long time Member
Posts: 672
Joined: Tue Nov 28, 2017 2:14 am

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Thu May 18, 2023 8:04 pm

This one seems particularly bad vulnerability, especially if it's in the router advertisement/neighbor discovery as described, as these are active by default and left enabled by most users:
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Thu May 18, 2023 8:52 pm

RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability

Is this a joke?

There is is no technical analysis, no info if it concerns RoS v6 or V7, and lastly CVE-2023-32154 does not even appear to be registered with NIST...
 
User avatar
chechito
Forum Guru
Forum Guru
Topic Author
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Thu May 18, 2023 9:03 pm

i think details are not revealed until a fix is released/confirmed, to prevent mass exploitation

https://en.wikipedia.org/wiki/Coordinat ... disclosure
Last edited by chechito on Thu May 18, 2023 9:05 pm, edited 1 time in total.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Thu May 18, 2023 9:04 pm

I guess Mikrotik has its own implementation and is not effected.
Oh, my fault... 😳 I just read "radvd" and did not follow the links. 🙃

Well, we will see... Let's hope we will have results in the coming days.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Thu May 18, 2023 10:01 pm

Well, then it’s either a leak at NIST (cve) or a fake.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Fri May 19, 2023 2:15 pm

Blog entry following soon, together with RouterOS upgrade in all channels. Upgrade needed if using IPv6 advertisement settings.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Fri May 19, 2023 2:19 pm

So, for be clear, if is
/ipv6 settings
set accept-router-advertisements=no
no worry...?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Fri May 19, 2023 2:20 pm

ONLY affected if:

ipv6/settings/ set accept-router-advertisemnets=yes

or

ipv6/settings/set forward=no accept-router-advertisemnets=yes-if-forwarding-disabled
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Fri May 19, 2023 2:22 pm

Well, I have already configured all devices with this setting (set accept-router-advertisements=no) from the beginning ;)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Fri May 19, 2023 2:24 pm

Yes, it is certainly not normal to have it on. Somebody coud have it on by mistake, or in very specific scenarios.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Fri May 19, 2023 2:25 pm

If I do not remember bad the default on both v6 and v7 is accept-router-advertisements=yes-if-forwarding-disabled and forward=yes

Blog entry following soon, together with RouterOS upgrade in all channels. Upgrade needed if using IPv6 advertisement settings.
Sorry, is also included 6.48.6 (long-term) and 6.49.7 (stable), over the 7.9 (stable) / 7.10beta5 (development)?
Thanks.
Last edited by rextended on Fri May 19, 2023 2:30 pm, edited 3 times in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Fri May 19, 2023 2:28 pm

RouterOS 7.10beta7, 7.9.1, 6.49.8 coming soon
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Fri May 19, 2023 2:30 pm

No hope on 6.48.7?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Fri May 19, 2023 5:58 pm

Blog entry following soon
Blog? I did not know it still existed...
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Sat May 20, 2023 6:29 pm

Blog entry following soon
Blog? I did not know it still existed...
blog = new help docs?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Sat May 20, 2023 6:38 pm

Is it correct this is already known for over 6 months ?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Sat May 20, 2023 9:01 pm

blog = new help docs?
No, blog = https://blog.mikrotik.com/
But nothing has been posted there for nearly two years...
 
User avatar
chechito
Forum Guru
Forum Guru
Topic Author
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Sun May 21, 2023 4:48 am

AFAIK this is not being exploited in the wild, so we have to be patient
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Sun May 21, 2023 6:29 am

If I do not remember bad the default on both v6 and v7 is accept-router-advertisements=yes-if-forwarding-disabled and forward=yes
It seems that rextended has good memory, and so by default (at least on 7.8 ) you should not be vulnerable (based on @normis post) because forward=yes

Here is RB760iGS with 7.8
[demo@RB760iGS-1] > ipv6/settings/export
# may/20/2023 23:22:09 by RouterOS 7.8
# software id = ****-****
#
# model = RB760iGS
# serial number = ************
[demo@RB760iGS-1] > ipv6/settings/export verbose
# may/20/2023 23:22:14 by RouterOS 7.8
# software id = ****-****
#
# model = RB760iGS
# serial number = ************
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=\
    yes-if-forwarding-disabled disable-ipv6=no forward=yes \
    max-neighbor-entries=4096
[demo@RB760iGS-1] > 
But this isn't a good sign, it apparently fell through the cracks at MikroTik for 6 months? (from https://www.zerodayinitiative.com/advis ... DI-23-710/)
ADDITIONAL DETAILS
12/09/22 – ZDI reported the vulnerability to the vendor during Pwn2Own Toronto.
05/09/23 – ZDI asked for an update.
 
gabacho4
Member
Member
Posts: 329
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Sun May 21, 2023 9:17 am

Don't forget how the vendor then asked for the vulnerability info to be resent. So the intial notification was either not truly received or someone at Mikrotik missed it, saw it and forgot, or they just hit delete. I really like Mikrotik but this chain of events concerns me. And while a fix has been promised, how long before they'll release it? This is a 0-day exploit and we're already 6 months behind.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Sun May 21, 2023 9:55 am

Hopefully, this is a wakeup call that MikroTik needs to have a relationship with the vulnerability testings organizations, so things like this don't end up in junk mail.

I am sure when they received the "final" notice, it was something like this xkcd students cartoon, but it didn't have as happy an ending.

Image
Last edited by Buckeye on Mon May 22, 2023 9:32 am, edited 1 time in total.
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Sun May 21, 2023 12:52 pm

blog = new help docs?
No, blog = https://blog.mikrotik.com/
But nothing has been posted there for nearly two years...
thanks. totally forgot about that one

anyway, hoping there will be a fix out soon
for those not using ipv6 the temp. fix/workaround should mitigate the problem a bit at least.
 
r00t
Long time Member
Long time Member
Posts: 672
Joined: Tue Nov 28, 2017 2:14 am

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 1:40 am

So only way to get some action response out of Mikrotik is to threaten to release it as zero day after 6 months?
Does Mikrotik really wants to be in "that" group of companies?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 9:23 am

MikroTik received first communication about this a few days ago, despite what the "researchers" say. Blog and fix will follow today.
Our mailserver logs have nothing pertaining to this mater up to May 10, 2023. At this date our support team member asked for more info, received a PoC ZIP file and we started to work on this issue.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 9:26 am

Then it might be beneficial you communicate as such.
As it is presented now, it looks like you have been sitting on it for 6 months.

Ofcourse I understand the fix needs to be out first. No need to ruffle the feathers earlier.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:06 am

I just searched for MikroTik security disclosure and did find this page.

Responsible disclosure of discovered vulnerabilities

And it has been there at least since 3-Dec-2022. You can verify this on the wayback machine

https://web.archive.org/web/20221203224140/https://mikrotik.com/supportsec

So it should have been easily found by ZDI (Trend Micro) who claimed to be the one that notified "the vendor". The "researchers" evidently reported to ZDI, and ZDI then uses the info (and claims to notify the vendor, but that is being called into question by normis).

So if no mail was ever received that is unfortunate for MikroTik.

After the problems have been addressed, someone should do a postmortem to determine why the "notification" didn't work.

It's possible that Trend Micro (aka ZDI) didn't really "make every effort to work with vendors to ensure they understand the technical details and severity of a reported security flaw" as they claim they do here:https://www.zerodayinitiative.com/about/
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:09 am

They sent a screenshot of an email, but it is not clear wheather it was actually sent out, or if they did not get "mail delivery failure" in return. Things happen, internet outages happen. It would have been nice, if they would ask "hey, did you get this", when nobody responded. Anyway. Fix is out today in a few hours. As far as we know, issue has not been exploited and default config is not vulnerable.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:13 am

[…] default config is not vulnerable […]
It is a very particular configuration, which rarely finds application in any user-side RouterBOARD,
and since the vulnerability to be exploited requires that the peripheral is directly connected, it is quite difficult, if not very rare,
that devices configured in such a particular way are attacked.

In a nutshell: The bug is there, it's serious, but it's useless.


I discovered that with the car you can run over pedestrians, but they haven't fixed this bug yet...
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:18 am

This is interesting: https://nakedsecurity.sophos.com/2022/12/12/pwn2own-toronto-54-hacks-63-new-bugs-1-million-in-bounties/

Excerpt:

The devices put forward by their vendors, and the prize money offered for successful hacks, looked like this:

---snip---
HACK A SOHO ROUTER.. AND WIN:
TPLink AX1800 $20,000 ($5000 if via LAN)
NETGEAR RAX30 $20,000 ($5000 if via LAN)
Synology RT6600ax $20,000 ($5000 if via LAN)
Cisco C921-4P $30,000 ($15,000 if via LAN)
Microtik RB2011 $30,000 ($15,000 if via LAN)
Ubiquiti EdgeRouter $30,000 ($15,000 if via LAN)
---snip---

This is a good sign, that MikroTik is willing to put up a bug bounty to have people try to break it. And it shows that MikroTik is more confident in their security than TPLink, NETGEAR and Synology are (based on rewards offered, especially look at the "LAN" side bounties, compared to the "consumer" brands).

So, the question is, what does "12/09/22 – ZDI reported the vulnerability to the vendor during Pwn2Own Toronto." mean? Was a MikroTik representaive there? The point being, there may not have been any email to MikroTik.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:38 am

They sent a screenshot of an email, but it is not clear whether it was actually sent out, or if they did not get "mail delivery failure" in return.
I agree, a screen shot isn't too hard to create "after the fact" either.

I also agree that a single mail doesn't qualify as "every effort".

And I agree with rextended's assessment.
Last edited by Buckeye on Mon May 22, 2023 10:40 am, edited 1 time in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:39 am

Sorry but this is also false, MikroTik was not directly involved in this event or prize.
Edit: that is about the PwnToronto event.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:42 am

It is possible the event organizer confused MikroTik with some other company or maybe a local reseller, this is why the info never reached us. MikroTik is based in Latvia (EU), we do not attend such events so far away.
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:44 am

Sorry but this is also false, MikroTik was not directly involved in this event or prize.
Edit: that is about the PwnToronto event.
Yes, making any assumptions of validity of what you read/see on the internet is a dangerous activity. But it is one reason I like to include the source I am quoting.
 
gabacho4
Member
Member
Posts: 329
Joined: Mon Dec 28, 2020 12:30 pm
Location: Earth

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:45 am

Appreciate Normis's candor on this matter and definitely look forward to the update addressing it. As I said before, I'm a huge fan of Mikrotik devices and want to be able to keep singing their praise to friends and coworkers. Seems there is more to the story than reported initially. I'm more than willing to give Mikrotik the benefit of the doubt. Thanks for the seemingly very serious approach being taken!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:46 am

This is a good sign, that MikroTik is willing to put up a bug bounty to have people try to break it.
No, for me it is a sign that since it is more widespread than tplink & co., and has objectively become harder to hack, the reward could only be higher...
These events are then financed by selling the vulnerabilities on the darknet?,
so it is obvious that they mysteriously do not communicate the vulnerabilities efficiently... If they fix them immediately, they earn less or nothing...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 10:53 am

We will be releasing fix in all version trees, including long-term. First to be released is most likely 7.9.1 today. Rest will follow tomorrow (as full tests need to be done with each version)
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 883
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 11:05 am

These events are then financed by selling the vulnerabilities on the darknet?,
so it is obvious that they mysteriously do not communicate the vulnerabilities efficiently... If they fix them immediately, they earn less or nothing...
There have been cases of "insider trading", like this Rogue HackerOne employee steals bug reports to sell on the side

Happens with Credit card loss reporting as well. About 12 years ago, my wife couldn't find a credit card, called the official number (from my card) and reported it stollen. Then there were fraudulent charges on the card later that day. Then two days latter, she found the card at home on the desk where she had ordered something. She called back to let them know she had found the card, and that's when she found out there were fraudulent charges. They were happy she called back, because they were then able to trace other fraud to the employee that had taken the call, they would delay reporting the card stollen, and would give the card number to accomplices that knew the card would be reported as lost the next day.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 12:20 pm

precisely... :)
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 12:23 pm

including long-term

6.48.7 (long-term)??? :) please, please, please, not from 6.49.7 (stable) to 6.49.8 (long-term)....
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 12:35 pm

 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 12:51 pm

The blog says "with enabled IPv6 advertisement functionality" but I think that should be read as "with enabled IPv6 advertisement receiver functionality", right?
I.e. merely having IPv6 router advertisement enabled is not a problem?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26287
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 12:56 pm

yes, will clarify on the post
 
markuspri
just joined
Posts: 1
Joined: Mon May 22, 2023 1:46 pm

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 1:55 pm

Thanks Normis. This is being handled well by Mikrotik. Appreciate the good communication.
 
User avatar
pothi
newbie
Posts: 46
Joined: Fri Sep 14, 2018 7:48 pm
Location: Srivilliputhur, Tamil Nadu, India
Contact:

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 7:14 pm

I saw this thread only today. Thanks for all the efforts by the team behind MikroTik!
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 7:44 pm

It is possible the event organizer confused MikroTik with some other company or maybe a local reseller, this is why the info never reached us. MikroTik is based in Latvia (EU), we do not attend such events so far away.
Your over the seas rockstar - MikroTik celebrity - knows nothing about this?
That's a huge amount of money in the name of MikroTik, money that MikroTik didn't provide (?).
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: Any info about this ? ZDI-23-710 CVE-2023-32154

Mon May 22, 2023 9:27 pm

@Znevna: why not? If I wanted to hack mikrotik, I am not going to do that heavy lifting all by myself. Putting up a bounty (which I may not even pay in the end) and then pretending to be from the vendor sounds like an efficient strategy.

@normis
They sent a screenshot of an email
12/09/22 – ZDI reported the vulnerability to the vendor during Pwn2Own Toronto.
Publicly, they did not mention they contacted you with email, but privately they sent you a screenshot of email which wouldn't be needed if they contacted your representative during the event... Interesting

I am surely looking forward to see where this ends. Your past reactions to potential CVEs were not exactly stellar but I see lots of improvement since then and in this case, ZDI's claims really does not make much sense.

If you truly made the fix in 10 days after learning about this CVE, you deserve a big applause and apology from ZDI.

Who is online

Users browsing this forum: Bing [Bot], ccrsxx, nickhoulton and 70 guests