Routeros Authentication Bypass Vulnerability — Mikrotik

: The flaw allows for arbitrary function calls, which can be leveraged to gain a root shell on the underlying operating system.

def read_file(router_ip, file_path): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((router_ip, 8291)) mikrotik routeros authentication bypass vulnerability

As of this article's publication, thousands of devices remain unpatched. If you are responsible for even one MikroTik router, verify its version immediately. If it’s running 6.49.7 or 7.8 or lower, schedule a maintenance window for , not next month. : The flaw allows for arbitrary function calls,

Multiple high-severity authentication bypass vulnerabilities have been discovered in MikroTik RouterOS over the past several years. The most notorious of these (CVE-2018-14847) allows an unauthenticated attacker to read arbitrary files from the router’s filesystem and, in many cases, escalate to full administrative control. Despite patches being available since 2018, thousands of devices remain vulnerable due to poor update hygiene. If it’s running 6