Tenable Researcher Reveals Extended MikroTik Router Vulnerability
October 08, 2018 / Sean Michael Kerner
At Derbycon, a Tenable security researcher disclosed a new attack vector for a previously disclosed vulnerability in a widely deployed router platform. Routers represent an attractive target for hackers to build botnets and spread malware, especially when the routers have known, unpatched remote code execution vulnerabilities. In April, the CVE-2018-14847 vulnerability was first reported in MikroTik routers that have millions of users worldwide. That initial report indicated the scope of the vulnerability was limited and only had moderate impact, but that's not what Tenable researcher Jacob Baines found. On Oct. 7 at the Derbycon conference, Baines disclosed how attackers can remotely exploit that flaw without the need for any authentication.