A critical vulnerability in MikroTik routers allows hackers to deploy DoS attacks

Specialists from the International Institute of Cyber Security (IICS), the best ethical hacking institute, reported the emergence of a critical vulnerability in some MikroTik routers; according to the reports, the vulnerability would allow malicious hackers to deploy denial-of-service (DoS) attacks against vulnerable devices, forcing them to reboot.

MikroTik is a provider of hardware and software solutions for Internet connectivity with a presence in various parts of the world; the company also developed RouterOS, an operating system designed specifically for routers.

According to experts from the best ethical hacking institute, the vulnerability allows the watchdog timer to restart the compromised device, which generates an overload until the router stops responding.

Although the company reports that this vulnerability has already been corrected, there is another flaw that causes a router memory overload because the size of the IPv6 path cache could be bigger than the RAM available on the device. MikroTik claims that this vulnerability will be corrected by automatically calculating the cache size based on the available memory.

Specialists from the best ethical hacking institute believe that vulnerabilities could have been corrected after the updates published in April. MikroTik patches will be applied to fix the vulnerability CVE-2018-19299, but an unpatched MikroTik router that routes traffic through IPv6 would be affected.

The vulnerability assessments launched by the company will work as follows:

  • Fixed software blocking when forwarding IPv6 packets
  • Fixed software blocking when a large IPv6 neighbor table is processed
  • Set the maximum size of IPv6 path cache based on total RAM
According to the specialists, corrections may be functional in current operating system versions (v 6.43.14) and long-term versions (v 6.43.14), only for devices with more than 64 MB of RAM storage. The company recommended that its users upgrade to any version of RouterOS launched after April 1, 2019 as soon as possible.
