MikroTik Router WinBox is vulnerable

WinBox is a management component used by administrators to set up their routers using a Web-based interface—and a Windows GUI application for the RouterOS software used by the MikroTik devices.

This management component is affected by a serious bug. The vulnerability, known as CVE-2018-14847, initially rated as medium in severity is now rated critical because a new hacking technique used by hackers gives them access to root shell.
If it is exploited the vulnerability allows hackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID.

The exploit first uses directory traversal vulnerability to steal administrator login credentials from user database file and the then writes another file on the system to gain root shell access remotely.
This new exploit allows hackers to hijack MikroTik’s RouterOS system in order to deploy malware payloads or bypass router firewall protections.
The new security flaw is another slap applied to the MikroTik’s face, which was previously targeted by the VPNFilter malware and used in an extensive crypto jacking campaign.

The vulnerabilities impact Mikrotik RouterOS firmware versions before 6.42.7 and 6.40.9.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

All new MikroTik router vulnerabilities
• CVE-2018-1156—A stack buffer overflow flaw that allows an authenticated remote code execution.
• CVE-2018-1157—A file upload memory exhaustion flaw that allows an authenticated remote attacker to crash the HTTP server.
• CVE-2018-1159—A www memory corruption flaw that could crash the HTTP server by rapidly authenticating and disconnecting.
• CVE-2018-1158—A recursive parsing stack exhaustion issue that could crash the HTTP server via recursive parsing of JSON.

Almost all the vulnerabilities were patched by MikroTik, but a recent scan revealed that 70 percent of routers (which equals to 200,000) are still vulnerable to attack.

Things to do if you want to stay safe and secured:
– If your MikroTik router has not updated its RouterOS, you should do it right now.
– If you are still using default credentials on your router, change them immediately with a unique, long and complex password.

We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.