In case you haven't noticed: MikroTik RouterOS Stable before version 6.49.7, and the long-term version up to 6.48.6, contain the vulnerability CVE-2023-30799, which allows privilege escalation. The attacker must already be authenticated, but can then remotely escalate privileges from admin to super-admin via the Winbox or HTTP interface, which in turn allows arbitrary code execution on the system. Details can be found on GitHub; MikroTik posted this warning. The issue is fixed in all RouterOS versions available on the MikroTik download page (v7.7 and v6.49.7 and newer). According to the colleagues at Bleeping Computer, 900,000 devices are potentially affected by this vulnerability.