How Hundreds of ISP can be hacked in bangladesh in no time. [Mikrotik]

ost of Our Country ISP/Big_org_network use mikrotik for their network system management , most of time these isp/organization network do not update their isp , and thats the issue here . Most of the mikrotik can be hacked on bangladesh by using 2018’s exploit . This proves we are mostly not aware about the security or the security risk. Enough talking lets get to the exploit part.

Exploit:

We are gonna talk about three year old exploit , mikrotik already patched it three years ago but some of the backdated mikrotik router contains this vulnerability. this one is marked as CVE-2018–14847 .

Details About The Vulnerability

This Vulnerability allows an attacker to arbitrary file read of plain text passwords. After Researching about the vulnerability researcher also found that this vulnerability not only gives a attacker to read file also gives an attacker an unauthenticated permission to write file. We are not gonna write something on mikrotik on this article we are gonna learn how those backdated mikrotik router can be hacked in no time. [ For Educational Purposes only ]

the path for finding plaintext password on mikrotik the exploit usages is.

/////./..//////./..//////./../flash/rw/store/user.dat

Vulnerable Versions are

  • Longterm: 6.30.1–6.40.7
  • Stable: 6.29–6.42
  • Beta: 6.29rc1–6.43rc3

Finding those mikrotik and exploiting them manually is so much hard kind of impossible , So i thought lets use Search engine to find those vulnerable mikrotik routers .[ Disclaimer : No mikrotik router was harmed or exploited without permission ]

Exploit for this CVE-2018–14847

So this is a security risk for any company who use old backdated mikrotik router,these can be exploited easily , and attacker can damage their business. Updating Mikrotik is always a good idea.

[ This Article Was only for Awareness Purpose , I am Not Responsible for any harm or any bad use of this article. ]

Security Researchers | Ctf Player | Web-Application Pen-tester | Programmer