Security News > 2021 > December > Hundreds of thousands of MikroTik devices still vulnerable to botnets

Hundreds of thousands of MikroTik devices still vulnerable to botnets
2021-12-09 11:00

MikroTik is a Latvian manufacturer of routers and wireless ISPs who has sold over 2,000,000 devices globally.

In August, the Mēris botnet exploited vulnerabilities in MikroTik routers to create an army of devices that performed a record-breaking DDoS attack on Yandex.

Most of the discovered devices are in China, Brazil, Russia, and Italy, while the United States has a significant number of exploitable devices too.

In addition to these guidelines, Eclypsium has released a free MikroTik assessment tool that can check if a device is vulnerable to CVE-2018-14847 and if a scheduler script exists, an indication of Mēris compromise.

MikroTik owners must address the flaws on their devices, as the malware can harm the devices due to extensive cryptomining and make the device a physical part of malicious operations.

Many users have never been in contact with MikroTik and are not actively monitoring their devices.


News URL

https://www.bleepingcomputer.com/news/security/hundreds-of-thousands-of-mikrotik-devices-still-vulnerable-to-botnets/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-08-02 CVE-2018-14847 Path Traversal vulnerability in Mikrotik Routeros
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
network
low complexity
mikrotik CWE-22
6.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Mikrotik 30 1 59 16 4 80