SGGPO
Worldwide , the number of MikroTik routers exposed to the Internet that are at risk of being exploited via HTTP and Winbox are 500,000 and 900,000 devices, respectively. This number in Vietnam is 9,500 via HTTP and 23,000 via Winbox, according to Bkav's records.
 |
| In Vietnam, the number of MikroTik devices connecting to the Internet as of July 26 is in the tens of thousands. |
A serious vulnerability has just been discovered in the MikroTik RouterOS operating system, allowing an authenticated attacker to escalate privileges from Admin to Super Admin to execute arbitrary code, take full control of devices and turn them into botnets, and launch DDoS attacks.
The newly discovered vulnerability has the identifier CVE-2023-30799, CVSS severity score 9.1. However, Bkav experts believe that the "deadly point" here is the "default password". "To exploit the vulnerability CVE-2023-30799, hackers need to gain Admin rights while most of the default passwords on the devices have not been changed," said Mr. Nguyen Van Cuong, Director of Network Security at Bkav.
MikroTik routers are popular products from the Latvian networking equipment manufacturer. They run on the proprietary MikroTik RouterOS operating system, allowing users to access the administration page via either the HTTP web interface or the Winbox application to create, configure and manage a LAN or WAN.
With such a large number of devices connecting to the Internet, to minimize risks, Bkav recommends that users immediately update to the latest patch (6.49.8 or 7.x) for RouterOS, and implement the following additional solutions: Disconnect the Internet on the administration interfaces to prevent remote access; set a strong password if the administration page must be published; turn off the Winbox administration program and use the SSH protocol instead, because MikroTik only provides protection solutions for the SSH interface...
Source
Comment (0)