MikroTik shares info on securing routers hit by massive Mēris botnet
2021-09-15 18:57

Latvian network equipment manufacturer MikroTik has shared details on how customers can secure and clean routers enslaved by the massive Mēris DDoS botnet over the summer.

"As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched," a MikroTik spokesperson told BleepingComputer.

According to Qrator Labs researchers who provided details on the Yandex attack, Mēris - a botnet derived from Mirai malware code - is now controlling roughly 250,000 devices, most of them MikroTik network gateways and routers.

MikroTik also shared info on how to clean and secure gateways compromised by this botnet in a blog post published today.

The network equipment vendor urges customers to choose strong passwords, which should defend their devices against brute-force attacks, and to keep the devices up to date to block the CVE-2018-14847 Winbox exploits used by the Mēris botnet.

"We have tried to reach all users of RouterOS about this, but many of them have never been in contact with MikroTik and are not actively monitoring their devices. We are working on other solutions too," MikroTik added.


News URL

https://www.bleepingcomputer.com/news/security/mikrotik-shares-info-on-securing-routers-hit-by-massive-m-ris-botnet/

Related Vulnerability

DATE: 2018-08-02
CVE: CVE-2018-14847
VULNERABILITY TITLE: Path Traversal vulnerability in Mikrotik Routeros
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Attack vector: network; complexity: low; vendor: mikrotik; weakness: CWE-22
RISK: 6.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mikrotik 30 1 59 16 4 80