3 records found
…Tenable Research exploits the same vulnerability, but takes it to one step ahead. Since the original Winbox issue, identified as CVE-2018-14847, was already patched back in April, we urge all MikroTik users to upgrade their devices to any recently released version, and as…
This post summarises the Winbox server vulnerability in RouterOS, discovered and fixed in RouterOS on April 23, 2018. Note that although Winbox was used as point of attack, the vulnerabilitty was in RouterOS. This issue was later assigned a universal identifier CVE-2018-14847. How it works: The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file. …
…dictionary attack by this malware) and to keep your MikroTik router upgraded (since this malware also attempts to exploit the mentioned CVE-2018-14847 vulnerabiliity which has long been fixed). Configuration to look out for and remove: System -> Scheduler rules that execute…