
Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking

July 26, 2023

A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices.

Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and Winbox interfaces, respectively, VulnCheck disclosed in a Tuesday report.

“CVE-2023-30799 does require authentication,” security researcher Jacob Baines said. “In fact, the vulnerability itself is a simple privilege escalation from admin to ‘super-admin’ which results in access to an arbitrary function. Acquiring credentials to RouterOS systems is easier than one might expect.”

Read More on The Hacker News