It was just brought to my attention but I am not finding a word from Mikrotik about this:
thehackernews.com/2025/01/13000-mikrotik-routers-hijacked-by.html
Apparently, it is just a 2-day-old discovery and details are scarce.
(highlighting is mine)

Description:
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
Still falling every time into the same stupid speeches.
Are you able to understand well what is written???
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue.
A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface.
The attacker can abuse this vulnerability to execute arbitrary code on the system.
Do you know what it means to be already authenticated as admin???
Who cares about vulnerability when those who MUST be authenticated can already do whatever the f–k they want,
like install old RouterOS version vulnerable to x, y and z???
Wrong concern. How does an attacker have REMOTE (or local) access as ADMIN???
So...
With these simple considerations, therefore, there is NO secure version of RouterOS,
because if an INCOMPETENT administrator leaves the ports open, does not delete "admin" and sets a stupid password,
any attacker can reinstall a vulnerable version of RouterOS and hack the router.
Exactly, but they are ok from 6.49.8 and up and 7.13 and up.

So, the current versions 6.49.17 and 7.17 of ROS are presumably not affected by these previously discovered vulnerabilities, assuming the default admin user is disabled and replaced with one with a complex password, management access to the router is restricted to specific private IPs (so no SSH/Winbox from WAN), the firewall is properly configured, unused ports and services are disabled, inter-VLAN traffic is restricted...
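The hardening items listed in the last post (replace the default admin account, restrict management to private IPs, close unused services, firewall the input chain, update), written out as RouterOS CLI commands. This is an added example, not configuration from the thread or from MikroTik; the interface names ether1 (uplink) and ether2 (LAN), the 192.168.88.0/24 management subnet, and the user name netadmin are assumptions, and the version numbers in the comments are the ones the thread itself gives.

```routeros
# Added example (not from the thread): RouterOS v6/v7 CLI hardening steps.
# Assumptions: ether1 is the WAN uplink, ether2 faces the LAN, management
# stations live in 192.168.88.0/24, and "netadmin" is the new full-rights user.
# Run these from a session on the management subnet (or in Safe Mode) so the
# service and firewall changes do not cut off the session applying them.

# 1. Replace the default "admin" account with a named full-rights user.
#    Add the new user first: RouterOS will not remove the last "full" user.
/user add name=netadmin group=full password="replace-with-a-long-random-passphrase"
/user remove admin

# 2. Bind the management services that stay enabled to the private subnet,
#    and disable the ones that are not used (telnet, ftp, plain-HTTP www, API).
/ip service set winbox address=192.168.88.0/24
/ip service set ssh address=192.168.88.0/24
/ip service set www-ssl address=192.168.88.0/24
/ip service disable telnet,ftp,www,api,api-ssl

# 3. Name the interfaces, then drop all router-destined (input chain) traffic
#    arriving on WAN that is not a reply to a connection the router started.
/interface list add name=WAN
/interface list add name=LAN
/interface list member add list=WAN interface=ether1
/interface list member add list=LAN interface=ether2
/ip firewall filter add chain=input action=accept connection-state=established,related comment="allow replies"
/ip firewall filter add chain=input action=drop connection-state=invalid comment="drop invalid"
/ip firewall filter add chain=input action=drop in-interface-list=WAN comment="no management from WAN"

# 4. Keep neighbor discovery and the MAC-level Winbox/Telnet servers off WAN.
/ip neighbor discovery-settings set discover-interface-list=LAN
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN

# 5. Check the running version against the fixed versions named in the thread
#    (6.49.7/6.49.8 and up, 7.13 and up) and install the current release.
/system resource print
/system package update check-for-updates
/system package update install
```

The order matters: the new user is created before the old one is removed, and the address restrictions on the services are set before the WAN drop rule, so a session from the management subnet survives every step. After step 5 the router reboots; confirm with `/system resource print` that the version shown is at or above the thresholds the thread quotes.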