A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cyptojacking and network eavesdropping.
The hacking technique, found by Tenable Research and outlined on Sunday at DerbyCon 8.0 in Louisville, Kentucky, is tied to the existing directory traversal bug (CVE-2018-14847) found and patched in April. That vulnerability was rated medium in severity and impacted Winbox, which is a management component and a Windows GUI application for MikroTik’s RouterOS software.