[GTER] Advisory: Vulnerability exploiting the Winbox port

Douglas Fischer fischerdouglas at gmail.com
Mon Apr 23 10:44:28 -03 2018


Anyone who leaves management open to any source really does deserve
whatever trouble he gets...

That goes for Cisco, MK, Juniper and anything else!

2018-04-23 9:20 GMT-03:00 Andre Almeida <andre at bnet.com.br>:

> https://forum.mikrotik.com/viewtopic.php?f=21&t=133533
>
> We have discovered a new RouterOS vulnerability affecting all RouterOS
> versions since v6.29.
>
> *How it works*: The vulnerability allowed a special tool to connect to the
> Winbox port, and request the system user database file.
>
> *Versions affected*: 6.29 to 6.43rc3 (included). Updated versions in all
> release chains coming ASAP.
>
> *Am I affected?* Currently there is no sure way to see if you were
> affected. If your Winbox port is open to untrusted networks, assume that
> you are affected and upgrade + change password + add firewall. The log may
> show unsuccessful login attempt, followed by a successful login attempt from
> unknown IP addresses.
>
> *What to do*: 1) *Firewall* the Winbox port from the public interface, and
> from untrusted networks. It is best, if you only allow known IP addresses
> to connect to your router to any services, not just Winbox. We suggest this
> to become common practice. As an alternative, possibly easier, use the "IP
> -> Services" menu to specify "*Allowed From*" addresses. Include your LAN,
> and the public IP that you will be accessing the device from. 2) *Change
> your passwords.*
>
> *What to expect in the coming hours/days*: Updated RouterOS versions coming
> ASAP. RouterOS user database security will be hardened, and deciphering
> will no longer be possible in the same manner.
>
>
> Andre
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>



-- 
Douglas Fernando Fischer
Control and Automation Engineer
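
The log pattern the quoted advisory mentions (an unsuccessful login followed by a successful one from an unknown IP address) can be checked over an exported RouterOS log. This is an added example, not part of the original messages or MikroTik's tooling; as the advisory says, the pattern is a hint and not a sure test. Assumptions: the log message wording in the two regexes, the TRUSTED management networks, and the sample lines, which are constructed.

```python
import ipaddress
import re

# Assumed RouterOS log message wording for Winbox logins (one entry per line).
FAIL = re.compile(r"login failure for user (\S+) from (\S+) via winbox")
OK = re.compile(r"user (\S+) logged in from (\S+) via winbox")

# Assumption: the networks you manage the router from (LAN plus one public IP).
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.88.0/24", "198.51.100.7/32")]

def is_trusted(addr):
    """True only if addr parses as an IP inside a trusted network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(ip in net for net in TRUSTED)

def suspicious_logins(lines):
    """Return (ip, user, failures_before) for every successful Winbox login
    from an untrusted address that followed a failure from the same address."""
    failures = {}  # ip -> failures seen since the last reported success
    hits = []
    for line in lines:
        m = FAIL.search(line)
        if m:
            failures[m.group(2)] = failures.get(m.group(2), 0) + 1
            continue
        m = OK.search(line)
        if m:
            user, ip = m.groups()
            if not is_trusted(ip) and failures.get(ip):
                hits.append((ip, user, failures[ip]))
                failures[ip] = 0
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
apr/22 03:14:07 system,error,critical login failure for user admin from 203.0.113.45 via winbox
apr/22 03:14:09 system,info,account user admin logged in from 203.0.113.45 via winbox
apr/22 08:30:12 system,error,critical login failure for user admin from 192.168.88.20 via winbox
apr/22 08:30:20 system,info,account user admin logged in from 192.168.88.20 via winbox
apr/22 09:01:00 system,info,account user admin logged in from 198.51.100.7 via winbox
""".splitlines()

if __name__ == "__main__":
    for ip, user, n in suspicious_logins(SAMPLE_LOG):
        print(f"review: {user} logged in from {ip} after {n} failure(s)")
```
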


