Mēris botnet

15th Sep, 2021 | Security

In early September 2021 QRATOR labs published an article about a new wave of DDoS attacks, which are originating from a botnet involving MikroTik devices.

As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a… Full story


2nd Jun, 2021 | Security

In beginning of May 2021, a security research group from Belgium published a set of vulnerabilities they call "Frag Attacks" (from Fragmentation Attack), which affect all modern security protocols of Wi-Fi. Not all the published issues affect MikroTik products, but those that were found to be potentially affecting RouterOS… Full story

Upgraded package signatures

10th Mar, 2021 | Security

The RouterOS package signing procedure has been upgraded, to use new algorithms and utilize state of the art security hardware. It will also add a possibility to verify the integrity of existing installations.

The new updated package signing procedure provides additional security to prevent installation of malicious software.

Best security… Full story

DNS cache poisoning vulnerability

28th Oct, 2019 | Security

Tenable has identified a vulnerability in RouterOS DNS implementation. RouterOS 6.45.6 and below is vulnerable to unauthenticated remote DNS cache poisoning via Winbox. The router is impacted even when DNS is not enabled.

One possible attack vector is via Winbox on port 8291 if this port is open to untrusted… Full story

Package validation and upgrade vulnerability

28th Oct, 2019 | Security

Tenable has identified a couple of issues with RouterOS packaging and upgrade systems. The upgrade system used by RouterOS 6.45.5 and below is vulnerable to man in the middle attacks and insufficient package validation. An attacker can abuse these vulnerabilities to downgrade a router's installed RouterOS version, possibly lock the… Full story

CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

20th Jun, 2019 | Security


Netflix has identified several TCP networking vulnerabilities in the Linux kernel that is used in RouterOS. The vulnerabilities can trigger denial of service if the RouterOS system is attacked from an insufficiently protected network interface (port). Firewall can protect against the issue.

MikroTik has already applied the necessary patches… Full story


2nd Jun, 2019 | Security


Tenable has published a potential vulnerability in older RouterOS versions where an attacker can retrieve the password hash of a RouterOS username via a complex man-in-the-middle attack over port 8291. The attacker must be able to intercept a valid RouterOS user login attempt, so he must be located in… Full story

CVE-2019-3924 Dude agent vulnerability

22nd Feb, 2019 | Security

On February 21, Tenable published a new CVE, describing a vulnerability, which allows to proxy a TCP/UDP request through the routers Winbox port, if it's open to the internet. Tenable had previously contacted MikroTik about this issue, so a fix has already been released on February 11, 2019 in… Full story

CVE-2018-14847 winbox vulnerability

9th Oct, 2018 | Security

A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year, the new attack method found by Tenable Research exploits the same vulnerability, but takes it… Full story

CVE-2018-115X issues discovered by Tenable

23rd Aug, 2018 | Security

MikroTik was contacted by Tenable Inc. who had discovered several issues in RouterOS web server. The issues only affect authenticated users, meaning, to exploit them, there must be a known username and password on the device. Your data, access to the system and configuration are not under risk. All the… Full story

← Older posts