Article 5SW3R 300,000 MikroTik routers are ticking security time bombs, researchers say

300,000 MikroTik routers are ticking security time bombs, researchers say

by
Dan Goodin
from Ars Technica - All content on (#5SW3R)
router-800x534.jpeg

Enlarge (credit: Getty Images)

As many as 300,000 routers made by Latvia-based MikroTik are vulnerable to remote attacks that can surreptitiously corral the devices into botnets that steal sensitive user data and participate in Internet-crippling DDoS attacks, researchers said.

The estimate, made by researchers at security firm Eclypsium, is based on Internet-wide scans that searched for MikroTik devices using firmware versions known to contain vulnerabilities that were discovered over the past three years. While the manufacturer has released patches, the Eclypsium research shows that a significant proportion of users has yet to install them.

Given the challenges of updating MikroTik, there are large numbers of devices with these 2018 and 2019 vulnerabilities," Eclypsium researchers wrote in a post. Collectively, this gives attackers many opportunities to gain full control over very powerful devices, positioning them to be able to target devices both behind the LAN port as well as target other devices on the Internet."

Read 5 remaining paragraphs | Comments

index?i=qdkEqPdSjPU:_BjCLHSk7vI:V_sGLiPB index?i=qdkEqPdSjPU:_BjCLHSk7vI:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments