
MikroTik 6.47.10 Exploit

In late 2023, a Mirai variant (dubbed MikroTik_spray) specifically targeted 6.47.10. The exploit chain was terrifyingly efficient:

Remediation difficulty: Even after rebooting, the script persisted in the startup folder. Reinstalling the firmware was the only cure.

MikroTik is a Latvian company that produces networking equipment and software. RouterOS, the operating system that runs on its devices, is widely used around the world for its robust features and cost-effectiveness. MikroTik devices are popular among small to medium-sized businesses, internet service providers, and even home users for their reliability and extensive configuration capabilities.

If the version is so vulnerable, why is it still alive? Three reasons:

  • Change the default port: Security through obscurity helps against automated scans.
  • Disable Unused Services: Turn off SMB, Webfig, and SSH if not needed.
  • Allow List Only: Set allowed IP addresses for management.
  • The Nuclear Option: Update to 6.49.13 (the final v6 stable) or migrate to RouterOS v7.13+. Version 6.49.13 patches the file read and SMB overflow.
The exploit in question targets a specific version of MikroTik's RouterOS, namely version 6.47.10. This version, like any software, has its vulnerabilities, and in this case, a critical vulnerability was discovered that could allow an attacker to execute arbitrary code on the device. This type of vulnerability is particularly dangerous because it can enable an attacker to gain unauthorized access to the device, potentially leading to data breaches, network intrusions, and other malicious activities.

| CVE | Component | Impact |
|------|------------|--------|
| CVE-2020-20216 | WinBox | Arbitrary file read (authentication bypass) |
| CVE-2019-3976 | RouterOS | Firewall bypass via crafted DNS packet |
| CVE-2018-1156 | Webfig | Directory traversal |
| CVE-2018-1157 | WinBox | Arbitrary file write |
| CVE-2018-7445 | SMB service | Buffer overflow (if SMB enabled) |

CVE-2020-20216 (most critical for 6.47.10)

From the compromised router (often located in a data center or small office), the attacker scans the local LAN. Since 6.47.10 routers frequently sit at network perimeters, they become gateways to internal servers, CCTV systems, and NAS drives.

Version release date: ~August 2020
Status: End-of-life (no longer supported)
