
MikroTik router at risk of attack: Super Admin account that can be activated remotely


MikroTik routers offer a wide range of features, reliable performance and good community support, which makes them an attractive choice both for professionals and for Internet service providers looking for robust, efficient network equipment. They are versatile, flexible products running RouterOS, an operating system that supports many advanced network management and configuration features: multiple routing protocols, VPNs, a firewall, load balancing and much more. MikroTik routers are also designed to deliver high performance under heavy load, and the firmware is updated frequently.

However, VulnCheck researchers have discovered a dangerous vulnerability that can potentially affect a large number of Internet-connected devices. The flaw, tracked as CVE-2023-30799, allows a user who already holds a working administrator account on the router to elevate their privileges and acquire Super Admin rights.

Why the CVE-2023-30799 flaw in MikroTik routers is dangerous

MikroTik routers ship with a default username and password pair (the admin account, which has an empty password out of the box). If these default credentials are left unchanged, anyone who can reach the router can log in as admin and then exploit the vulnerability identified by VulnCheck to acquire even greater rights.

Mass exploitation of the flaw is unlikely because, as mentioned, the attacker must already know valid credentials for an administrator account. However, the researchers point out that MikroTik routers lack a robust protection mechanism against brute-force attacks aimed at guessing the password for accessing the device, so a weak or default admin password is enough to obtain the foothold the exploit needs.

Hundreds of thousands of MikroTik routers expose their administration interface to the public Internet. For this reason VulnCheck has chosen not to publish the exploit code for the vulnerability. "In that case it would have been used shortly after the publication of our technical analysis," observe the company's researchers, who preferred to tread lightly.

Unlike the admin account, which offers elevated but still limited privileges, the Super Admin profile grants full access to the RouterOS operating system. Super Admin privileges are not something normally granted to users: they exist so that certain internal software components can act on the router's behaviour at a low level.

This makes the vulnerability valuable to anyone who wants to jailbreak a RouterOS device in order to make significant changes to the underlying operating system, or to hide their activity on it.

How to secure routers affected by the vulnerability

MikroTik fixed the issue in the stable branch of RouterOS (v6.49.7) in October 2022 and, after VulnCheck's report, also in RouterOS Long-term (v6.49.8) in July 2023. RouterOS Long-term (LT) is the version of the MikroTik operating system that offers long-term support and greater stability than the regular releases. A device still running an older 6.x release in either branch remains vulnerable until it is updated.

Although the best way to secure MikroTik routers is to download and install the updated firmware, some general precautions should never be neglected. The router's administration interface should never be exposed on the WAN port: it should not be reachable remotely, least of all by anyone scanning public IP address ranges. If remote management really is needed, it should be restricted to a very short list of trusted source IP addresses.

In the specific case of MikroTik routers it is advisable to disable Winbox, the GUI-based management application used to configure and administer the routers: a desktop program that offers a user-friendly interface for accessing, controlling and configuring devices, but which also listens on a dedicated management port (8291/tcp) that should not be open to the Internet.

Instead of Winbox, use SSH only, configuring the router to authenticate with public/private key pairs (asymmetric cryptography) rather than simple passwords.
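The following RouterOS 6.x command sequence puts the advice above into practice: it checks and installs the fixed release, replaces the default admin credentials, moves the admin user to SSH key authentication, disables Winbox and the other management services, and adds a firewall policy that limits SSH to trusted sources and blunts password guessing. It is an added example, not configuration from the article or from MikroTik or VulnCheck. It assumes (none of this is in the original) that the WAN interface belongs to the interface list "WAN", as in MikroTik's default configuration, that the trusted management hosts are 192.0.2.10 and 198.51.100.0/24 (documentation prefixes), and that the administrator's public key has already been uploaded to the router's file store as "admin_rsa.pub".

```routeros
# RouterOS 6.x hardening sequence (added example; assumptions noted inline).

# 1. Check the running version and move to a fixed release
#    (stable >= 6.49.7, long-term >= 6.49.8). "install" downloads and reboots.
/system resource print
/system package update check-for-updates
/system package update install

# 2. Replace the out-of-the-box admin credentials (admin / empty password).
/user set admin password="replace-with-a-long-random-passphrase"
/user print

# 3. Public-key authentication for the admin user; refuse password fallback
#    on SSH and keep only strong ciphers. The key file name is an assumption.
/user ssh-keys import public-key-file=admin_rsa.pub user=admin
/ip ssh set strong-crypto=yes always-allow-password-login=no

# 4. Disable Winbox (8291/tcp), the web UI, API, telnet and FTP; keep SSH
#    only, and bind the SSH listener to the trusted management addresses.
/ip service disable [find name!="ssh"]
/ip service set ssh address=192.0.2.10/32,198.51.100.0/24 port=22

# 5. Firewall input policy. "mgmt" holds the trusted sources (assumed values);
#    the ssh_stage*/ssh_blacklist lists implement the usual RouterOS
#    escalation recipe: four new SSH connections from one source inside a
#    minute lands that source in ssh_blacklist for an hour.
/ip firewall address-list
add list=mgmt address=192.0.2.10
add list=mgmt address=198.51.100.0/24

/ip firewall filter
add chain=input comment="drop SSH brute-forcers" protocol=tcp dst-port=22 \
    src-address-list=ssh_blacklist action=drop
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=1h
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m
add chain=input comment="SSH from trusted hosts only" protocol=tcp \
    dst-port=22 src-address-list=mgmt action=accept
add chain=input comment="no management from the WAN" in-interface-list=WAN \
    protocol=tcp dst-port=21,22,23,80,443,8291,8728,8729 action=drop
```

Two caveats when applying this. `add` appends filter rules after any that already exist, so on a router with an existing input chain check `/ip firewall filter print` and use `place-before=` to position the drop rules ahead of a broad accept. The stage lists deliberately also count connections from the trusted hosts, since the guessing risk comes from anyone who can reach the listener; an administrator who opens four SSH sessions within a minute will be blacklisted for an hour, which is the intended trade-off, and can be cleared with `/ip firewall address-list remove [find list=ssh_blacklist]`.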
