In compliance with our commitment to ensure the safety of our clients, partners, staff, and visitors at all MikroTik events, we have no other choice but to postpone our upcoming events:
MUM Europe in Prague, Czech Republic (March 26-27) MTCSA in Riga, Latvia (March 23-24) Train the Trainer in Riga… Full storyTenable has identified a vulnerability in RouterOS DNS implementation. RouterOS 6.45.6 and below is vulnerable to unauthenticated remote DNS cache poisoning via Winbox. The router is impacted even when DNS is not enabled.
One possible attack vector is via Winbox on port 8291 if this port is open to untrusted… Full story
Tenable has identified a couple of issues with RouterOS packaging and upgrade systems. The upgrade system used by RouterOS 6.45.5 and below is vulnerable to man in the middle attacks and insufficient package validation. An attacker can abuse these vulnerabilities to downgrade a router's installed RouterOS version, possibly lock the… Full story
Summary
Netflix has identified several TCP networking vulnerabilities in the Linux kernel that is used in RouterOS. The vulnerabilities can trigger denial of service if the RouterOS system is attacked from an insufficiently protected network interface (port). Firewall can protect against the issue.
MikroTik has already applied the necessary patches… Full story
Summary
RouterOS contained several IPv6 related resource exhaustion issues, that have now been fixed, taking care of the above-mentioned CVE entries.
The first issue caused the device to reboot if traffic to a lot of different destination addresses was routed. The reboot was caused by watchdog timer since the device… Full story
Press Release. 25 February 2019
Riga, Latvia - MikroTik is announcing a collaboration with Facebook to build high-speed connectivity solutions with Terragraph, helping to accelerate the adoption of 60 GHz fixed wireless access technologies to deliver gigabit services and connect more people, faster. The 60 GHz band allows high-speed broadband… Full story
On February 21, Tenable published a new CVE, describing a vulnerability, which allows to proxy a TCP/UDP request through the routers Winbox port, if it's open to the internet. Tenable had previously contacted MikroTik about this issue, so a fix has already been released on February 11, 2019 in… Full story
A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year, the new attack method found by Tenable Research exploits the same vulnerability, but takes it… Full story
.jpg)
We have released a new version in the RouterOS bugfixes-only channel. The bugfixes-only channel is considered the "stable" branch of RouterOS releases and is updated rarely, only when important fixes must be included. This is the most stable and most tested of the RouterOS release channels.
!) security - fixed… Full story
MikroTik was contacted by Tenable Inc. who had discovered several issues in RouterOS web server. The issues only affect authenticated users, meaning, to exploit them, there must be a known username and password on the device. Your data, access to the system and configuration are not under risk. All the… Full story