A critical Super Admin privilege escalation vulnerability threatens over 900,000 MikroTik routers running RouterOS.
The issue is tracked as CVE-2023-30799 and allows attackers who already have an administrator account to elevate their privileges to Super Admin via the Winbox or HTTP interface.
We also wrote about how the Mirai botnet attacks routers and that researchers have discovered more than two hundred vulnerabilities in popular routers.
VulnCheck points out that the problem does not look serious at first glance: if an attacker already needs administrator credentials, the bar for exploitation seems high.
Unfortunately, that bar is low in practice. RouterOS does not prevent brute-force attacks against the login, does not enforce strong administrator passwords, and ships with a default admin account whose credentials have been publicly known for years.
Worse, until October 2021 the default administrator password was an empty string; this was only changed with the release of RouterOS 6.49. According to the researchers, about 60% of MikroTik devices still use this default account, even though the vendor has long recommended deleting it.
The vulnerability was discovered in June 2022. MikroTik fixed it in the stable branch in October 2022 (RouterOS 6.49.7), but the fix for the long-term branch (6.49.8) only arrived on July 19, 2023. VulnCheck notes that the long-term patch appeared only after its researchers contacted the developers and shared new exploits with them.
According to Shodan statistics, about 474,000 devices are vulnerable to CVE-2023-30799 because their web management interface is exposed to the internet. Since the flaw can also be exploited through Winbox (MikroTik's own management client, which talks to the router over a dedicated Winbox service), counting devices with that service exposed almost doubles the figure to 926,000.
[Figure: RouterOS versions on devices discovered via Shodan]
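As an added example (not code from the article, VulnCheck or MikroTik), the script below applies the fixed versions quoted above (stable 6.49.7, long-term 6.49.8) to a constructed device inventory and flags the combination the article describes as dangerous: an unpatched build, a web or Winbox management port reachable from outside, and the default admin account still present. The port numbers 80 and 8291 are assumed RouterOS defaults, the inventory records are made up, and RouterOS 7.x is reported as "unknown" because the article gives no fixed version for it.

```python
"""Triage RouterOS devices for CVE-2023-30799 exposure.

Added example, not code from the article, VulnCheck or MikroTik. The fixed
versions are the ones the article quotes: stable 6.49.7 (October 2022) and
long-term 6.49.8 (19 July 2023). RouterOS 7.x is outside that data, so it is
reported as "unknown" instead of being guessed. All inventory records below
are constructed sample data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed RouterOS default ports for the two exploitable interfaces (not from the article).
WWW_PORT = 80
WINBOX_PORT = 8291

FIXED_STABLE = (6, 49, 7)      # first fixed stable release
FIXED_LONG_TERM = (6, 49, 8)   # first fixed long-term release

PRIORITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Accepts "6.49.7 (stable)", "6.48.6 (long-term)" or a bare "7.10"; the channel suffix is optional.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s*\((\w[\w-]*)\))?\s*$")


def parse_version(text: str) -> tuple[tuple[int, int, int], str | None]:
    """Split a RouterOS version string into a comparable (major, minor, patch) tuple and channel."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised RouterOS version string: {text!r}")
    major, minor, patch, channel = m.groups()
    return (int(major), int(minor), int(patch or 0)), channel


def version_status(text: str) -> str:
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    version, channel = parse_version(text)
    if version[0] != 6:
        return "unknown"           # the article's fixed-version data only covers 6.x
    if version < FIXED_STABLE:
        return "vulnerable"        # below both fixed releases, whichever branch it is on
    if version >= FIXED_LONG_TERM:
        return "patched"
    # Exactly 6.49.7: fixed on stable, while long-term only received its fix in 6.49.8.
    return "vulnerable" if channel == "long-term" else "patched"


@dataclass(frozen=True)
class Device:
    host: str
    version: str
    open_ports: frozenset[int]
    has_default_admin: bool    # the stock "admin" user still exists on the device


def triage(device: Device) -> dict[str, object]:
    """Combine patch status with the two conditions the article singles out:
    an exploitable management service (web or Winbox) reachable from the
    internet, and the well-known default admin account still present."""
    status = version_status(device.version)
    exposed = sorted(p for p in (WWW_PORT, WINBOX_PORT) if p in device.open_ports)
    reachable = status != "patched" and bool(exposed)   # "unknown" is treated as unpatched
    if reachable and device.has_default_admin:
        priority = "critical"    # brute-forceable default account in front of an unpatched bug
    elif reachable:
        priority = "high"
    elif status != "patched" or device.has_default_admin:
        priority = "medium"      # not exposed today, but still needs patching or cleanup
    else:
        priority = "low"
    return {
        "host": device.host,
        "patch_status": status,
        "exposed_services": exposed,
        "default_admin": device.has_default_admin,
        "priority": priority,
    }


SAMPLE_INVENTORY = [  # constructed records, not real hosts
    Device("edge-1", "6.48.6 (long-term)", frozenset({80, 8291}), True),
    Device("edge-2", "6.49.7 (stable)", frozenset({8291}), True),
    Device("edge-3", "6.49.8 (long-term)", frozenset({8291}), False),
    Device("lab-4", "7.10", frozenset({80}), False),
    Device("core-5", "6.49.6", frozenset(), False),
]


def triage_all(devices=SAMPLE_INVENTORY) -> list[dict[str, object]]:
    """Triage every device and order the results by priority (critical first)."""
    return sorted((triage(d) for d in devices), key=lambda r: PRIORITY_ORDER[r["priority"]])


if __name__ == "__main__":
    for row in triage_all():
        print(f'{row["priority"]:8} {row["host"]:8} {row["patch_status"]:10} '
              f'exposed={row["exposed_services"]} default_admin={row["default_admin"]}')
```

The version check deliberately refuses to classify 7.x, and a patched device that still carries the default admin account is kept at "medium" rather than "low", since the article's point is that the account is a standing brute-force target independent of this particular bug.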
The researchers explain that Super Admin privileges go well beyond regular administrator rights: a Super Admin gets full, unrestricted access to the underlying RouterOS operating system, a level of access normally reserved for the system's own software and never meant to be available to a user account.
Let me remind you that information security specialists have previously warned that some MikroTik routers are vulnerable to attack.