A Tenable Research cybersecurity researcher has released “By the Way,” a new proof-of-concept (PoC) RCE attack, after identifying a new method of exploiting an already known vulnerability in MikroTik routers. The vulnerability, identified as CVE-2018-14847, is an old directory traversal flaw that was patched the same day it was detected in April 2018. It is being described as a much more dangerous flaw than it has been perceived to be. Initially, the vulnerability was rated as medium severity, and researchers believed it affected the Winbox management component and a GUI application for Windows in the RouterOS software for MikroTik devices. RouterOS software powers the company’s business-grade RouterBOARD brand and ISP/carrier-grade gear. Later, however, it was categorized as critical after the identification of a new hacking technique that allowed attackers to carry out remote code execution on affected devices and obtain a root shell.