Sep 7, 2017 - You can create a completely different set of servlet pages for each. Radius - send the attribute identified with in text string form to the. Additional software (except web browser with JavaScript support, of course). /ip service set www-ssl certificate=Webfig disabled=no. Ip address, system identity, ROS version and RouterBOARD model in following format.
![Identification Identification](/uploads/1/2/5/4/125438371/160215613.jpg)
The experts at Tenable Research presented the technique on October 7 at DerbyCon 8.0 during the talk, it leverages a known directory traversal flaw tracked as. The vulnerability was rated medium in severity was discovered in April, it affects the Winbox, that is a management console for MikroTik’s RouterOS software.
In the past months, MikroTik devices running RouterOS by malicious code that includes the exploit for the vulnerability. The Chimay Red hacking tool leverages 2 exploits, the Winbox Any Directory File Read (CVE-2018-14847) and Webfig Remote Code Execution Vulnerability. Now Tenable Research devised a new attack technique that exploits the same CVE-2018-14847 issue to execute arbitrary code on the target device. “The vulnerabilities include CVE-2018-1156 — an authenticated remote code execution (RCE) — as well as a file upload memory exhaustion (CVE-2018-1157), a www memory corruption (CVE-2018-1159) and a recursive parsing stack exhaustion (CVE-2018-1158).
The most critical of these vulnerabilities is the authenticated RCE, which would allow attackers to potentially gain full system access. They were tested against RouterOS 6.42.3 (release date: ) using the x86 ISO.” reads a published by Tenable Research. “All of these vulnerabilities require authentication (essentially legitimate credentials). If the authenticated RCE vulnerability (CVE-2018-1156) is used against routers with default credentials, an attacker can potentially gain full system access, granting them the ability to divert and reroute traffic and gain access to any internal system that uses the router.” Jacob Baines, the Tenable researcher who devised the attack technique, also made a proof of concept of the attack, he explained that it is possible to trigger a stack buffer overflow in the sprintf function of the licupgr binary. Unfortunately, the experts revealed that only approximately 30 percent of vulnerable modems have been patched, this means that roughly 200,000 routers could be hacked.
The good news is that currently, experts are not aware of the technique being exploited in the wild. “Based on Shodan analysis, there are hundreds of thousands of Mikrotik deployments worldwide, with strong concentrations in Brazil, Indonesia, China, the Russian Federation and India. As of October 3, 2018, approximately 35,000 – 40,000 devices display an updated, patched version. ” concludes Tenable Research. Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at 'Cyber Defense Magazine', Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London.
The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog 'Security Affairs' recently named a Top National Security Resource for US. Pierluigi is a member of the 'The Hacker News' team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books 'The Deep Dark Web' and “Digital Virtual Currency and Bitcoin”.