MikroTik fixes privilege escalation bug affecting 900,000 routers
MikroTik quietly released a patch for its RouterOS firmware last week that fixed a serious vulnerability. The privilege escalation bug affected about 900,000 routers.
The vulnerability is tracked as CVE-2023-30799 and has a CVSS score of 9.1. It has now been fixed in MikroTik's RouterOS Stable version 6.49.7 and higher and LTS release 6.48.6 and higher. The patch was shipped silently, without MikroTik drawing attention to it. Security company VulnCheck published details about the bug. The VulnCheck researchers say that more than 474,000 vulnerable devices are reachable via the Shodan search engine, but routers can also be managed via MikroTik's Winbox client, bringing the total to 926,000 vulnerable devices.
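For anyone auditing a fleet against the fixed releases named above, here is an added example (not code from the article, MikroTik or VulnCheck) that classifies RouterOS version strings as patched, vulnerable or unknown using only the two thresholds the article states; the inventory format and hostnames are constructed, and anything outside the 6.48 and 6.49 branches is deliberately reported as unknown rather than guessed.

```python
# Added example: classify RouterOS versions against the CVE-2023-30799 fix
# thresholds stated in the article (Stable 6.49.7+, LTS 6.48.6+).
import re
from typing import Dict, Optional, Tuple

FIXED = {
    "stable": (6, 49, 7),  # fixed in 6.49.7 and higher
    "lts": (6, 48, 6),     # fixed in 6.48.6 and higher
}

def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse '6.49.7' or '6.48.6 (long-term)' into a (major, minor, patch) tuple.
    A two-component string such as '6.49' is treated as 6.49.0."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def assess(version_text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None or v[0] != 6:
        return "unknown"  # the article only covers the two 6.x branches
    if v[1] == 49:
        return "patched" if v >= FIXED["stable"] else "vulnerable"
    if v[1] == 48:
        return "patched" if v >= FIXED["lts"] else "vulnerable"
    if v[1] < 48:
        return "vulnerable"  # below both fixed releases
    return "unknown"  # 6.50 and later are not described in the article

def fleet_report(inventory: str) -> Dict[str, str]:
    """inventory: one 'hostname<space>version' per line (assumed format)."""
    report = {}
    for line in inventory.strip().splitlines():
        host, _, ver = line.strip().partition(" ")
        report[host] = assess(ver)
    return report

# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = """\
edge-01 6.49.7
edge-02 6.49.6
core-lts 6.48.6 (long-term)
branch-old 6.47.10
lab-v7 7.10
"""

if __name__ == "__main__":
    for host, status in fleet_report(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```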
The vulnerability is a privilege escalation bug: it lets a user with a normal admin account elevate to the Super Admin level, which gives an attacker full access to the RouterOS operating system. The researchers have also released a proof-of-concept demonstrating how the vulnerability can be exploited.
To exploit the bug, an attacker must already have access to a normal admin account. VulnCheck says that is not difficult, though: RouterOS ships with an admin account enabled by default, and until October 2021 its default password was an empty string.