> I guess Mikrotik has its own implementation and is not affected.
It's a specific RouterOS vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Router Advertisement Daemon. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root.
RADVD Out-Of-Bounds Write Remote Code Execution Vulnerability
> I guess Mikrotik has its own implementation and is not affected.
Oh, my fault... I just read "radvd" and did not follow the links.
> Blog entry following soon, together with RouterOS upgrade in all channels. Upgrade needed if using IPv6 advertisement settings.
Sorry, is also included 6.48.6 (long-term) and 6.49.7 (stable), over the 7.9 (stable) / 7.10beta5 (development)?
> Blog entry following soon
Blog? I did not know it still existed...
> > Blog entry following soon
> Blog? I did not know it still existed...
blog = new help docs?
> blog = new help docs?
No, blog = https://blog.mikrotik.com/
> If I do not remember bad the default on both v6 and v7 is accept-router-advertisements=yes-if-forwarding-disabled and forward=yes
It seems that rextended has good memory, and so by default (at least on 7.8) you should not be vulnerable (based on @normis post) because forward=yes
    [demo@RB760iGS-1] > ipv6/settings/export
    # may/20/2023 23:22:09 by RouterOS 7.8
    # software id = ****-****
    #
    # model = RB760iGS
    # serial number = ************
    [demo@RB760iGS-1] > ipv6/settings/export verbose
    # may/20/2023 23:22:14 by RouterOS 7.8
    # software id = ****-****
    #
    # model = RB760iGS
    # serial number = ************
    /ipv6 settings
    set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=\
        yes-if-forwarding-disabled disable-ipv6=no forward=yes \
        max-neighbor-entries=4096
    [demo@RB760iGS-1] >
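The reasoning in the post above (accept-router-advertisements=yes-if-forwarding-disabled combined with forward=yes means router advertisements are not accepted), as an added Python example that is not part of the thread or MikroTik's own code: it parses an `/ipv6 settings` export and reports whether RAs are effectively accepted. The function names and the second export are constructed here, and falling back to the defaults quoted in the thread for keys missing from a non-verbose export is an assumption.

```python
import re

# "/ipv6 settings" verbose export as shown in the post above (RouterOS 7.8).
EXPORT_FROM_POST = r"""
# may/20/2023 23:22:14 by RouterOS 7.8
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=\
    yes-if-forwarding-disabled disable-ipv6=no forward=yes \
    max-neighbor-entries=4096
"""

# Constructed variant for comparison: the same export with forwarding off.
EXPORT_CONSTRUCTED = EXPORT_FROM_POST.replace("forward=yes", "forward=no")


def parse_ipv6_settings(export: str) -> dict:
    """Return the key=value pairs set under '/ipv6 settings'."""
    # Exports wrap long lines with a trailing backslash, sometimes in the
    # middle of a value, so join continuations before tokenising.
    joined = re.sub(r"\\\s*\n\s*", "", export)
    settings, in_section = {}, False
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or export header comment
        if line.startswith("/"):
            # Handles "/ipv6 settings" alone and "/ipv6 settings set ..." forms.
            in_section = line.startswith("/ipv6 settings")
            line = line[len("/ipv6 settings"):].strip() if in_section else ""
        if in_section and line.startswith("set "):
            settings.update(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return settings


def accepts_router_advertisements(settings: dict) -> bool:
    """Effective RA acceptance, reading the option values literally."""
    # Assumption: absent keys take the defaults quoted in the thread.
    ra = settings.get("accept-router-advertisements", "yes-if-forwarding-disabled")
    forward = settings.get("forward", "yes")
    if settings.get("disable-ipv6", "no") == "yes":
        return False
    if ra == "yes-if-forwarding-disabled":
        return forward == "no"
    return ra == "yes"


if __name__ == "__main__":
    for name, text in (("post", EXPORT_FROM_POST), ("constructed", EXPORT_CONSTRUCTED)):
        print(name, accepts_router_advertisements(parse_ipv6_settings(text)))
```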
> > blog = new help docs?
> No, blog = https://blog.mikrotik.com/
thanks. totally forgot about that one
But nothing has been posted there for nearly two years...
> […] default config is not vulnerable […]
It is a very particular configuration, which rarely finds application in any user-side RouterBOARD,
> They sent a screenshot of an email, but it is not clear whether it was actually sent out, or if they did not get "mail delivery failure" in return.
I agree, a screen shot isn't too hard to create "after the fact" either.
> Sorry but this is also false, MikroTik was not directly involved in this event or prize.
Yes, making any assumptions of validity of what you read/see on the internet is a dangerous activity. But it is one reason I like to include the source I am quoting.
Edit: that is about the PwnToronto event.
> This is a good sign, that MikroTik is willing to put up a bug bounty to have people try to break it.
No, for me it is a sign that since it is more widespread than tplink & co., and has objectively become harder to hack, the reward could only be higher...
> These events are then financed by selling the vulnerabilities on the darknet?,
There have been cases of "insider trading", like this Rogue HackerOne employee steals bug reports to sell on the side
so it is obvious that they mysteriously do not communicate the vulnerabilities efficiently... If they fix them immediately, they earn less or nothing...
> It is possible the event organizer confused MikroTik with some other company or maybe a local reseller, this is why the info never reached us. MikroTik is based in Latvia (EU), we do not attend such events so far away.
Your over the seas rockstar - MikroTik celebrity - knows nothing about this?
They sent a screenshot of an email
> 12/09/22 – ZDI reported the vulnerability to the vendor during Pwn2Own Toronto.
Publicly, they did not mention they contacted you with email, but privately they sent you a screenshot of email which wouldn't be needed if they contacted your representative during the event... Interesting