MikrotikEnglish • 1 year ago

Exploiting MikroTik RouterOS Hardware with CVE-2023-30799

6

Exploiting MikroTik RouterOS Hardware with CVE-2023-30799

MikrotikEnglish • 1 year ago

Exploiting MikroTik RouterOS Hardware with CVE-2023-30799 - Blog - VulnCheck

VulnCheck develops an exploit that gets a root shell on MikroTik RouterOS.

Up until version 6.49.8 (July 20, 2023), MikroTik RouterOS Long-term was vulnerable to CVE-2023-30799. Remote and authenticated attackers can use the vulnerability to get a root shell on the router.

Chat

@rayman30OPM
link
English
1•1 year ago
Makes me wonder why the default config enables those services on the outside interface anyway.

Mikrotik

[email protected]

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

A community-contributed sublemmy for all things Mikrotik. General ISP and network discussion also permitted. Please ensure if you’re asking a question you have checked the Wiki First: https://help.mikrotik.com

Mikrotik Rules: Don’t post content that is incorrect or potentially harmful to a router/network.

This in itself is not a bannable offence but answers that are verifiably incorrect or will cause issues for other users will be edited or removed.

Examples: Factual errors - “EOIP is always unsecure” Configuration problems - Config that would disable all physical interfaces on a router Trolling - “Downgrade it to 5.26”

8 users / day
8 users / week
9 users / month
80 users / 6 months
220 subscribers
43 Posts
63 Comments
Modlog

mods:
@rayman30