PT-2018-1757 · MikroTik · RouterOS

Jacob Baines · Published 2018-04-23 · Updated 2026-03-10 · CVE-2018-14847

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions prior to 6.42
Description: The issue is caused by a directory traversal vulnerability in the WinBox interface of MikroTik RouterOS. It allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files. This vulnerability has been exploited by various malware, including TrickBot, to compromise routers and use them as proxies for command and control (C2) communication. More than 200,000 MikroTik routers worldwide are controlled by attackers, and these compromised devices are used for various malicious activities, including DDoS attacks and cryptojacking.
Recommendations: Update RouterOS with the latest security patches and keep it up to date. Set strong, unique passwords and avoid default passwords. Disable external access to the administration interface, or otherwise restrict access to it, to minimize the risk of exploitation. As a temporary workaround, consider disabling the WinBox interface until a patch is available.

Exploit

Fix

Improper Authentication

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2018-01357
CVE-2018-14847

Affected Products

MikroTik RouterOS
RouterOS
WinBox