Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Tenable Researcher Reveals Extended MikroTik Router Vulnerability

    By
    SEAN MICHAEL KERNER
    -
    October 8, 2018
    Share
    Facebook
    Twitter
    Linkedin
      Vulnerabilities

      Routers represent an attractive target for hackers to build botnets and spread malware, especially when the routers have known, unpatched remote code execution vulnerabilities.

      In April, the CVE-2018-14847 vulnerability was first reported in MikroTik routers that have millions of users worldwide. That initial report indicated the scope of the vulnerability was limited and only had moderate impact, but that’s not what Tenable researcher Jacob Baines found. On Oct. 7 at the Derbycon conference, Baines disclosed how attackers can remotely exploit that flaw without the need for any authentication.

      “The fact that we could use a developer back door to root the system and expose the internal network of a company … was the most surprising thing for me,” Baines told eWEEK.

      MikroTik has a large user base, and its routers are deployed in both consumer and enterprise environments, Baines said. MikroTik actually patched the CVE-2018-14847 issue in April, though the initial exploit vector was only given a moderate impact rating. He explained that with the additional exploit vectors he uncovered, MikroTik routers were leaking information that enabled him to get a root shell on vulnerable systems.

      “The CVE-2018-14847 vulnerability is a directory traversal on specific command that enables users to read commands,” Baines explained.

      In a directory traversal attack, hackers run automated tools to get a map of all hidden files and directories. The risk with directory traversal attacks is that files that normally are not exposed can be discovered and mined for sensitive information such as passwords and configuration settings. Baines said he discovered a directory traversal on a different command than what was first reported in April, one that enables a file writing capability that can then be abused to create a root shell. With a root shell, an attacker can have full remote access to a vulnerable device.

      While the attack vector that Baines discovered is a modification and extension of what had previously been disclosed, he said the same patch that MikroTik released in April will protect against the issue he disclosed on Oct. 7. The challenge, he said, is that a lot of users have not patched their devices, perhaps because the initial advisory did not rate the vulnerability as being severe.

      According to Baines, there are still many unpatched MikroTik routers at risk, with as many as 70 percent of vulnerable routers not yet patched.

      Detection

      Baines said Tenable already has plug-ins as part of its security scanning platform to detect the MikroTik router OS vulnerability. Tenable’s security platform includes Security Center for on-premises deployments and tenable.io for the cloud, both of which enable organization to evaluate and manage vulnerabilities.

      As part of his Derbycon talk, Baines released a series of tools on GitHub to help researchers and penetration testers exploit the vulnerability he detailed. He said the tools he released could potentially be ported into the open-source Metasploit framework, making it easier for researchers to test.

      “You’re not supposed to be able to get full root access on these [MikroTik] systems, so a normal user will never be able to tell if they’ve been exploited just by looking at the router,” Baines said. “Users will need some kind of network IDS [intrusion detection system] to be watching traffic for that specific payload.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×