However, Jacob Baines, a reverse engineer at Tenable, says that roughly 85% of consumer and enterprise-grade routers remain unpatched. What’s the point of a patch?Īfter being reported by Tenable researchers on September 11, MikroTik developed fixes and released RouterOS version 6.45.7 Stable and 6.44.6 Long-term on October 28 to resolve the security flaws. The security flaws include unauthenticated remote DNS cache poisoning via Winbox even when DNS is not enabled.Īn insufficient package validation issue is also affecting the RouterOS packaging and upgrade systems, potentially exposing them to man-in-the-middle ( MitM) attacks.Īccording to the hardware manufacturer, “an attacker can abuse these vulnerabilities to downgrade a router’s installed RouterOS version, possibly lock the user out of the system, possibly disable the system.” This is despite the release of a batch of security updates last month for the issues impacting MikroTik RouterOS 6.45.6 and below. The majority of consumer and enterprise routers produced by MikroTik are at risk of device hijacking and remote DNS cache poisoning, a security researcher has warned. The company says there is little more it can do to push firmware upgrades beyond ‘knocking on doors’
0 Comments
Leave a Reply. |