The resolver can be reached via Winbox by sending messages to the system resolver.
A possible attack vector is via Winbox on port 8291 if this port is open to untrusted networks. They writes that the router is affected even if DNS is not enabled. MikroTik has published a blog post about the DNS poisioning vulnerability that exists up to RouterOS 6.45.6. Tenable security researchers suggest disabling Winbox and using SSH. Tenable has published the details of the vulnerabilities in this blog post.īy simply deactivating Winbox, all these attacks are mitigated and probably cannot be executed anymore. You can downgrade the router's OS or reset system passwords. Please secure your router after downgrading.)īy combining these four vulnerabilities, attackers gain root access to the system.
Password Reset (Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. 
Downgrade Attack (RouterOS's upgrade mechanism is conducted entirely over HTTP, the packages themselves are signed, but, due to a bug, routers can be tricked into downgrading to an older version of RouterOS). DNS Cache Poisoning (By default, RouterOS has the DNS server feature disabled). Unauthenticated DNS Requests (The RouterOS terminal supports the resolve command for DNS lookups). In the MikroTik RouterOS there are four vulnerabilities, which the manufacturer has closed only in the version 6.45.7 of the firmware. Four vulnerabilities in MikroTik RouterOS Tenable expects half a million potential targets. A short supplement from last week, in which Tenable told me about the vulnerabilities.
0 kommentar(er)
