A new CVE released by Tenable on February 21 describes a security vulnerability that allows a TCP/UDP request to be forwarded via the router’s Winbox port if that port is open to the Internet. Tenable had previously contacted MikroTik about this problem, so a fix was released on all RouterOS channels on February 11, 2019.
The problem does not affect RouterBOARD devices with a standard configuration if the “Firewall router” check box remains activated. The problem is NOT a risk to the router itself. The file system is not vulnerable. The problem only allows connections to be redirected when the port is open. The device itself is safe.
The problem was fixed in:
- 6.43.12 (2019-02-11 14:39)
- 6.44beta75 (2019-02-11 15:26)
- 6.42.12 (2019-02-12 11:46)
As always, MikroTik recommends that all users keep their devices up to date in order to be protected against all known security vulnerabilities, and that they ensure the administrative ports of their routers are protected from untrusted networks. The “IP Services” menu, in which you can protect the “Winbox” service, also affects the “Dude Agent” service. Limiting access through this menu will protect you from this problem as well.
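To check an inventory of routers against the fixed releases listed above, the following added example (not MikroTik's or Tenable's code) compares RouterOS version strings per branch. It assumes that final releases and release candidates of 6.44 and all later branches contain the fix, and that branches older than 6.42 have no fixed release; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed releases from the post, keyed by (major, minor) branch.
# Value is (stage, number): stage 0 = beta, 1 = rc, 2 = final release.
FIXED = {
    (6, 42): (2, 12),  # 6.42.12
    (6, 43): (2, 12),  # 6.43.12
    (6, 44): (0, 75),  # 6.44beta75
}
STAGES = {"beta": 0, "rc": 1}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:(beta|rc)(\d+)|\.(\d+))?$")


def parse(version):
    """Return ((major, minor), (stage, number)) for a RouterOS version string."""
    # Accept strings such as "6.43.12 (stable)" by keeping the first token.
    token = version.strip().split(" ")[0]
    m = VERSION_RE.match(token)
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {version!r}")
    major, minor, pre, pre_n, patch = m.groups()
    tail = (STAGES[pre], int(pre_n)) if pre else (2, int(patch or 0))
    return (int(major), int(minor)), tail


def has_fix(version):
    """True if the version is at or above the fixed release of its branch."""
    branch, tail = parse(version)
    if branch in FIXED:
        return tail >= FIXED[branch]
    # Assumption: newer branches carry the fix, older ones never received it.
    return branch > max(FIXED)


def audit(inventory):
    """Return the sorted names of devices still running an unfixed version."""
    return sorted(name for name, ver in inventory.items() if not has_fix(ver))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "edge-01": "6.43.12 (stable)",
    "edge-02": "6.43.8",
    "lab-01": "6.44beta61",
    "lab-02": "6.44beta75",
    "branch-01": "6.42.11 (long-term)",
    "old-01": "6.40.9",
}

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(f"{name}: {SAMPLE[name]} needs an update")
```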
You can find the original MikroTik blog post here:
Please do not hesitate to contact us for any questions or assistance in implementing the important updates.
We will be happy to call you back if you have any further questions about the MikroTik firmware update.