arstechnica.com
18.216.136.68  Public Scan

URL: https://arstechnica.com/information-technology/2021/12/300000-mikrotik-routers-are-ticking-security-time-bombs-researche...
Submission: On December 12 via manual from IN — Scanned from DE

Form analysis 2 forms found in the DOM

GET /search/

<form action="/search/" method="GET" id="search_form">
  <input type="hidden" name="ie" value="UTF-8">
  <input type="text" name="q" id="hdr_search_input" value="" aria-label="Search..." placeholder="Search...">
</form>

POST https://arstechnica.com/civis/ucp.php?mode=login

<form id="login-form" action="https://arstechnica.com/civis/ucp.php?mode=login" method="post">
  <input type="text" name="username" id="username" placeholder="Username or Email" aria-label="Username or Email">
  <input type="password" name="password" id="password" placeholder="Password" aria-label="Password">
  <input type="submit" value="Submit" class="button button-orange button-wide" name="login">
  <label id="remember-label">
    <input type="checkbox" name="autologin" id="autologin"> Stay logged in</label> <span>|</span> <a href="/civis/ucp.php?mode=sendpassword">Having trouble?</a>
  <input type="hidden" name="redirect" value="./ucp.php?mode=login&amp;autoredirect=1&amp;return_to=%2Finformation-technology%2F2021%2F12%2F300000-mikrotik-routers-are-ticking-security-time-bombs-researchers-say%2F">
  <input type="hidden" name="return_to" value="/information-technology/2021/12/300000-mikrotik-routers-are-ticking-security-time-bombs-researchers-say/">
  <input type="hidden" name="from_homepage" value="1">
</form>

Text Content

GOT PATCHES? —


300,000 MIKROTIK ROUTERS ARE TICKING SECURITY TIME BOMBS, RESEARCHERS SAY


DEVICE OWNERS HAVE YET TO INSTALL PATCHES FOR 3 HIGH-SEVERITY VULNERABILITIES.

Dan Goodin - 12/9/2021, 6:29 PM


As many as 300,000 routers made by Latvia-based MikroTik are vulnerable to
remote attacks that can surreptitiously corral the devices into botnets that
steal sensitive user data and participate in Internet-crippling DDoS attacks,
researchers said.

The estimate, made by researchers at security firm Eclypsium, is based on
Internet-wide scans that searched for MikroTik devices using firmware versions
known to contain vulnerabilities that were discovered over the past three years.
While the manufacturer has released patches, the Eclypsium research shows that a
significant proportion of users has yet to install them.

“Given the challenges of updating MikroTik, there are large numbers of devices
with these 2018 and 2019 vulnerabilities,” Eclypsium researchers wrote in a
post. “Collectively, this gives attackers many opportunities to gain full
control over very powerful devices, positioning them to be able to target
devices both behind the LAN port as well as target other devices on the
Internet.”


EMBRACED BY SCRIPT KIDDIES AND NATION-STATES ALIKE




The concern is far from theoretical. In early 2018, researchers at security firm
Kaspersky said that a powerful nation-state malware called Slingshot, which had
gone undetected for six years, initially spread through MikroTik routers. The
attacks downloaded malicious files from vulnerable routers by abusing a MikroTik
configuration utility known as Winbox, which transferred the payloads from the
device file system to a connected computer.



A few months later, researchers at security firm Trustwave discovered two
malware campaigns against MikroTik routers after reverse engineering a CIA tool
leaked in a WikiLeaks series known as Vault7.

Also in 2018, China's Netlab 360 reported that thousands of MikroTik routers had
been swept into a botnet by malware attacking a vulnerability tracked as
CVE-2018-14847.

The Eclypsium researchers said that CVE-2018-14847 is one of at least three
high-severity vulnerabilities that remain unpatched in the Internet-connected
MikroTik devices they tracked. Combined with two other vulnerabilities located
in Winbox—CVE-2019-3977 and CVE-2019-3978—Eclypsium found 300,000 vulnerable
devices. Once hackers infect a device, they typically use it to launch further
attacks, steal user data, or participate in distributed denial-of-service
attacks.

The researchers have released a free software tool that people can use to detect
if their MikroTik device is either vulnerable or infected. The company also
provides other suggestions for locking down the devices. As always, the best way
to secure a device is to ensure it’s running the latest firmware. It’s also
important to replace default passwords with strong ones and turn off remote
administration unless it’s necessary.




Dan Goodin Dan is the Security Editor at Ars Technica, which he joined in 2012
after working for The Register, the Associated Press, Bloomberg News, and other
publications.
Email dan.goodin@arstechnica.com // Twitter @dangoodin001
