25 matches found
Exploit for Path Traversal in Mikrotik Routeros
By the Way By the Way is an exploit that enables a root shell...
Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns
Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the...
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control
Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things IoT devices as a go-between for establishing communications with the command-and-control C2 servers. "By using MikroTik routers as proxy server...
Exploit for Path Traversal in Mikrotik Routeros
This is a proof of concept PoC exploit for the critical WinBox vulnerability CVE-2018-14847 that allows for arbitrary file read of plain text passwords. The vulnerability has been fixed, but the project is no longer supported or updated. The exploit is written in Python and uses the socket librar...
Yandex Pummeled by Potent Meris DDoS Botnet
Technical details tied to a record-breaking distributed-denial-of-service DDoS attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. A massive botnet, dubbed Mēris, is believed responsible, flooding Yandex with millions of HTTP requests for webpages at the sam...
Exploit for Path Traversal in Mikrotik Routeros
Mikrotik Login Exploit PoC Proof of Concept dari vulnerabili...
Huawei Router Flaw Leaks Default Credential Status
A vulnerability in some Huawei routers used for carrier ISP services allows cybercriminals to identify whether the devices have default credentials or not – without ever connecting to them. CVE-2018-7900 exists in the router panel and allows credentials information to leak – so attackers can simp...
Fake browser update seeks to compromise more MikroTik routers
This blog post was authored by @hasherezade and Jérôme Segura. MikroTik, a Latvian company that makes routers and ISP wireless systems, has been dealing with several vulnerabilities affecting its products' operating system over the past few months. Ever since a critical flaw in RouterOS was...
MicroTik RouterOS 6.43rc3 - Remote Root
MicroTik RouterOS 6.43rc3 - Remote Root / Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on:...
MicroTik RouterOS < 6.43rc3 - Remote Root Exploit
/ Exploit Title: RouterOS Remote Rooting Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By the Way is an...
Mikrotik RouterOS Remote Root
/ Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By...
MicroTik RouterOS < 6.43rc3 - Remote Root
/ Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By...
MikroTik router vulnerability lets hackers bypass firewall to load malware undetected
By Waqas Tenable Research’s cybersecurity researcher has released “By The way,” which is a new PoC proof-of-concept RCE attack after identifying a new attack method to exploit an already discovered vulnerability in MikroTik routers. The vulnerability, identified as CVE-2018-14847, is an old...
PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’
A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cyptojacking and...
Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic
Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially...
CVE-2018-14847
creationtimestamp| type| source ---|---|--- 2018-09-04 08:51:50+00:00| seen| MISP/5b8e46ef-a8b4-4059-8c5c-4cc0950d210f 2018-09-04 16:19:46+00:00| exploited| https://t.me/SecLabNews/3063 2018-09-05 10:41:49+00:00| exploited| https://t.me/mtikpro/98 2018-09-05 16:12:57+00:00| exploited|...
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
Mikrotik WinBox 6.42 - Credential Disclosure golang / Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Sotware Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 ...
Mikrotik WinBox 6.42 Credential Disclosure
/ Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Sotware Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 \ Debian 9 \ Windows 10 \ Android wherever it was...
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
/ Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Sotware Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 \ Debian 9 \ Windows 10 \ Android wherever it was...
MikroTik RouterOS Winbox Authentication Bypass (CVE-2018-14847)
An authentication bypass vulnerability exists in the Winbox component of Mikrotik RouterOS. A remote attacker could exploit this flaw by sending specially crafted packets to the affected server. Successful exploitation of this vulnerability would allow a remote attacker to hijack a user's session...