Hundreds of thousands of MikroTik devices still vulnerable to botnets
Security News, December 2021
MikroTik is a Latvian manufacturer of routers and wireless ISP equipment that has sold over 2,000,000 devices globally.
In August, the Mēris botnet exploited vulnerabilities in MikroTik routers to create an army of devices that performed a record-breaking DDoS attack on Yandex.
Most of the discovered devices are in China, Brazil, Russia, and Italy, while the United States has a significant number of exploitable devices too.
In addition to these guidelines, Eclypsium has released a free MikroTik assessment tool that can check if a device is vulnerable to CVE-2018-14847 and if a scheduler script exists, an indication of Mēris compromise.
MikroTik owners must address the flaws on their devices, as the malware can harm the devices due to extensive cryptomining and make the device a physical part of malicious operations.
Many users have never been in contact with MikroTik and are not actively monitoring their devices.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-02 | CVE-2018-14847 | Path Traversal vulnerability in MikroTik RouterOS: MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | 9.1 |