CVE-2019–3924 Mikrotik Dude agent vulnerability

A new vulnerability has been reported in the Mikrotik Dude agent. The issue eventually allows an attacker to proxy requests through the Winbox port on the vulnerable device. The CVE-2019–3924 has been published on February 21st, but there is already an update for the Mikrotik RouterOS that fixes it.

As the vulnerability relies on being able to publicly access the Winbox port, it doesn’t affect router with active firewall.

The issue is fixed in RouterOS versions:

  • 6.43.12 (2019-02-11 14:39)
  • 6.44beta75 (2019-02-11 15:26)
  • 6.42.12 (2019-02-12 11:46)

Mikrotik RouterOS 6.42.6 is now available on CloudBalkan

Mikrotik released a new hotfix version of RouterOS related to the recent security vulnerabilities affecting Mikrotik based routers. Most of the security issues were related to Mikrotik proprietary management interface used by the Winbox tool ( port 8291 ) and led to the build up of a large botnet of infected, insecure routers.

The new version 6.42.6 is so far claimed to be free of the exploited vulnerabilities and provides some more cloud related improvements as well:

What’s new in 6.42.6 (2018-Jul-06 11:56):

  • chr – added checksum offload support for Hyper-V installations;
  • chr – added large send offload support for Hyper-V installations;
  • chr – added multiqueue support on Xen installations;
  • chr – added support for multiqueue feature on “virtio-net”;
  • chr – added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
  • chr – by default enable link state tracking for virtual drivers with “/interface ethernet disable-running-check=no”;
  • chr – do not show IRQ entries from removed devices;
  • chr – fixed interface name assign process when running CHR on Hyper-V;
  • chr – fixed interface name order when “virtio-net is not being used on KVM installations;
  • chr – fixed MTU changing process when running CHR on Hyper-V
  • chr – fixed NIC hotplug for “virtio-net”;
  • chr – improved balooning process;
  • chr – improved boot time for Hyper-V installations;
  • chr – provide part of network interface GUID at the beginning of “bindstr2” value when running CHR on Hyper-V;
  • chr – reduced RAM memory required per interface;

Mikrotik RouterOS 6.42.6 is now available on CloudBalkan Cloud Routers

Mikrotik RouterOS security vulnerability reported in versions before 6.42

Mikrotik RouterOS has been a target for a decent amount of attack in last few months and this hasn’t stopped yet. Yesterday Mikrotik reported another security vulnerability resulting in remote access, infection and deploying a botnet code on infected devices. It is so far claimed to be a vulnerability in the Winbox (port 8291) interface although it is not confirmed that the issue limits only to this. Read More