Express Computer


Home  »  Security  »  New router vulnerabilities expose over half million public-facing targets: Research

New router vulnerabilities expose over half million public-facing targets: Research

SecurityNews
By Express Computer
0 214

Tenable has published details of multiple vulnerabilities it found in MikroTik RouterOS, with an estimated half a million vulnerable public-facing targets.

CVE-2019-3976: Relative Path Traversal in NPK Parsing
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package’s name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled.

- Advertisement -

CVE-2019-3977: Insufficient Validation of Upgrade Package’s Origin
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into “upgrading” to an older version of RouterOS and possibly resetting all the system’s usernames and passwords.

- Advertisement -

CVE-2019-3978: Insufficient Protections of a Critical Resource (DNS Requests/Cache)
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker’s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning.

CVE-2019-3979: Improper DNS Response Handling
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router’s DNS cache via malicious responses with additional and untrue records.

By chaining these disclosed vulnerabilities (CVE-2019-3976, CVE-2019-3977, CVE-2019-3978, and CVE-2019-3979) together, an unauthenticated remote attacker could gain root access on the system, downgrade the router’s OS, reset the system passwords and potentially gain a root shell.

Mikrotik has issued a patch to fix these vulnerabilities and users are urged to upgrade to version 6.45.7 Stable or 6.44.6 Long-term or newer.


If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]

Advertisement

Advertisement

Get real time updates directly on you device, subscribe now.

Express Computer

Express Computer is one of India's most respected IT media brands and has been in publication for 24 years running. We cover enterprise technology in all its flavours, including processors, storage, networking, wireless, business applications, cloud computing, analytics, green initiatives and anything that can help companies make the most of their ICT investments. Additionally, we also report on the fast emerging realm of eGovernance in India.

Subscribe to our newsletter
Sign up here to get the latest news, updates delivered directly to your inbox.
You can unsubscribe at any time
You might also like More from author
Leave A Reply

Your email address will not be published.