A few days ago, the security company Tenable released a report on a series of vulnerabilities in MikroTik devices. MikroTik routers are widely used not only in internal company networks and SOHO installations; many of this manufacturer's devices also run in data centers, providing site-to-site VPN access.
A software bug allows an attacker to use the Winbox protocol (tcp/8291), which the external device configuration utility uses to connect to the device. The attacker can replace the software update servers with their own and then either load firmware with a default password onto the device or generate a special update package containing malicious code.
This series of vulnerabilities received the identifiers CVE-2019-3976, CVE-2019-3977, CVE-2019-3978 and CVE-2019-3979. The developer has already released software updates for MikroTik devices; the patched RouterOS versions are 6.45.7 (stable), 6.44.6 (long-term) and 6.46beta59 (testing).
We recommend that all users of MikroTik products immediately schedule maintenance and upgrade their RouterOS-based devices. It is also a justified step to turn off access to Winbox completely, or to use filters that allow access to this protocol only from trusted IP addresses.
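To plan that maintenance, the following added example (not code from Tenable or MikroTik) sorts a device inventory by whether each RouterOS version is at or above the patched build of its own release branch. The inventory, the function names and the treatment of branches the text does not mention are assumptions made for illustration.

```python
import re

# Patched builds named in the text, keyed by release branch (major, minor).
FIXED_PATCH = {(6, 44): 6, (6, 45): 7}   # 6.44.6 long-term, 6.45.7 stable
FIXED_BETA = ((6, 46), 59)               # 6.46beta59 testing
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+)|beta(\d+)|rc(\d+))?$")

def is_patched(version):
    """True/False, or None when the text does not cover this release."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    branch = (int(m.group(1)), int(m.group(2)))
    patch, beta, rc = m.group(3), m.group(4), m.group(5)
    if beta is not None or rc is not None:
        if beta is not None and branch == FIXED_BETA[0]:
            return int(beta) >= FIXED_BETA[1]
        # Assumption: pre-releases of 6.45 and older predate the fixes.
        return False if branch <= (6, 45) else None
    if branch in FIXED_PATCH:
        # Compare inside the branch only: 6.45.6 sorts above 6.44.6
        # numerically, yet it is an unpatched build of the stable branch.
        return int(patch or 0) >= FIXED_PATCH[branch]
    # Assumption: branches older than 6.44 received no fixed build.
    return False if branch < (6, 44) else None

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "edge-01": "6.45.6", "edge-02": "6.45.7",
    "dc-vpn-01": "6.44.5", "dc-vpn-02": "6.44.6",
    "lab-01": "6.46beta34", "lab-02": "6.46beta59",
    "old-01": "6.42.12", "new-01": "6.47",
}

def audit(inventory):
    """Group hosts into patched / upgrade / unknown by reported version."""
    report = {"patched": [], "upgrade": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        status = is_patched(version)
        key = "unknown" if status is None else "patched" if status else "upgrade"
        report[key].append(host)
    return report

if __name__ == "__main__":
    for group, hosts in audit(INVENTORY).items():
        print(f"{group}: {', '.join(hosts)}")
```

Hosts reported as `unknown` run a release the text does not name and need to be checked against the vendor changelog.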