US: +1 561 2500001/EU: +359 2 4925555 LiveChat
[email protected] Sign Up Login
ITLDC
  • SSD VDS
  • Servers
  • Hosting
  • Support
  • Blog
  • Contact
  • [UA]
  • [RU]
  • SSD VDS
  • Servers
  • Hosting
  • Support
  • Blog
  • Contact
  • [UA]
  • [RU]

Mikrotik devices vulnerability, upgrade now

Mikrotik devices vulnerability, upgrade now

Oct 30, 2019DmitryUncategorized

A few days ago security company named Tenable released a report about a series of vulnerabilities in Mikrotik devices. Mikrotik routers are widely used not only in company internal networks and for SOHO installations – many devices of this manufacturer also work in data centers, providing site-to-site VPN access.

Software bug allows hacker to use Winbox protocol (tcp/8291), which is used to connect an external device configuration utility. An attacker has the ability to replace software update servers with own one and download either firmware with a default password to the device or generate a special update package containing malicious code.

This series of vulnerabilities received identifiers CVE-2019-3976, CVE-2019-3977, CVE-2019-3978, CVE-2019-3979. The developer has already released software updates for Mikrotik devices, RouterOS versions with patches are numbered 6.45.7 (stable), 6.44.6 (long-term) and 6.46beta59 (testing).

We recommend that all users using Mikrotik products immediately schedule maintenance and upgrade their RouterOS-based devices. There will also be justified step to turn off access to Winbox completely or use filters to access this protocol only with trusted IP-addresses.

For more details check following pages:

  • PACKAGE VALIDATION AND UPGRADE VULNERABILITY
  • DNS CACHE POISONING VULNERABILITY
  • RouterOS: Chain to Root
Related Posts
    ← EU5.GDN network upgrade: is even faster!
    Halloween 2019 promotion! →

    European HQ

    ITL-Bulgaria Ltd.

    5 Sv-Sv Kiril&Metodi str
    Burgas
    Burgas reg, 8000
    Bulgaria

    +359 2 4925555

    [email protected]

    North America HQ

    Green Floid LLC

    2707 East Jefferson St
    Orlando
    Florida, 32803
    USA

    +1 561 2500001

    [email protected]

    Services

    • SSD VDS
    • Dedicated Servers
    • Shared Hosting
    • Colocation
    • DDoS Protection
    • SSL Certificates
    • Backup Storage
    • Reselling

    Support

    • Get Help
    • ITLDC Status
    • Looking Glass
    • Our SLA
    • Datacenters
    • FAQ & Knowledgebase
    • Data Security
    • Contact us

    © Copyright 1995-2019 ITLDC Team. You can freely use or share information from this site with a hyperlink to the original page.