Mikrotik RouterOS has been the target of a good number of attacks in the last few months, and this hasn’t stopped yet. Yesterday Mikrotik reported another security vulnerability that results in remote access, infection, and deployment of botnet code on infected devices. So far it is claimed to be a vulnerability in the Winbox (port 8291) interface, although it is not confirmed that the issue is limited to this.
The best recommendations are to keep devices up to date, running at least version 6.42.2 (the most recent is currently 6.42.6), and to strictly firewall management interfaces on all routers.
Infecting network devices with botnet code has become a widespread problem and doesn’t seem easy to fix, especially with the thousands of unsecured devices left on the Internet. The second part of the problem is that infected devices now try to find other vulnerable devices on the same network and eventually exploit and infect them as well.
With Cloud Routers being directly connected to the public Internet, basic security is really a must-have. Tests show that the scale of the current Mikrotik botnet issue has become so large that even a newly started RouterOS machine gets attacked within a few minutes of its first boot.
Our best suggestions for security are quite simple, yet absolutely relevant for the issue:
- First of all, always firewall management interfaces so they are reachable only from your addresses
- Disable unused protocols (like telnet, FTP, etc.)
- Use strong passwords
- Keep your routers up to date
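
The four suggestions above, written out as RouterOS 6.x console commands. This is an added example, not configuration from Mikrotik or from the original post; the subnet 192.0.2.0/24, the list name `mgmt-allowed` and the choice of which services count as unused are assumptions to replace with your own.

```routeros
# Added example: placeholder values, adjust before use.
# 192.0.2.0/24 stands in for your own management subnet (assumption).

# Check the running version (the post advises at least 6.42.2)
/system resource print

# Disable unused management protocols
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
# Assumption: the web UI and the API are not used on this router
/ip service set www disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes

# Service-level allow list for the management services that remain
/ip service set winbox address=192.0.2.0/24
/ip service set ssh address=192.0.2.0/24

# Firewall: permit Winbox (8291) and SSH (22) only from the management list
/ip firewall address-list add list=mgmt-allowed address=192.0.2.0/24
/ip firewall filter add chain=input protocol=tcp dst-port=8291,22 \
    src-address-list=mgmt-allowed action=accept comment="mgmt from trusted"
/ip firewall filter add chain=input protocol=tcp dst-port=8291,22 \
    action=drop comment="drop other mgmt access"

# Review the result
/ip service print
/ip firewall filter print where chain=input

# Check for and install the latest release (the router reboots)
/system package update check-for-updates
/system package update install
```

New filter rules are appended to the end of the input chain, so move them above any broader accept rule that already exists. Applying the changes from Safe Mode lets the router roll them back if the session is cut off.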