How Hundreds of ISP can be hacked in bangladesh in no time. [Mikrotik]

Most of Our Country ISP/Big_org_network use mikrotik for their network system management , most of time these isp/organization network do not update their isp , and thats the issue here . Most of the mikrotik can be hacked on bangladesh by using 2018’s exploit . This proves we are mostly not aware about the security or the security risk. Enough talking lets get to the exploit part.

Exploit:

We are gonna talk about three year old exploit , mikrotik already patched it three years ago but some of the backdated mikrotik router contains this vulnerability. this one is marked as CVE-2018–14847 .

Details About The Vulnerability

This Vulnerability allows an attacker to arbitrary file read of plain text passwords. After Researching about the vulnerability researcher also found that this vulnerability not only gives a attacker to read file also gives an attacker an unauthenticated permission to write file. We are not gonna write something on mikrotik on this article we are gonna learn how those backdated mikrotik router can be hacked in no time. [ For Educational Purposes only ]

the path for finding plaintext password on mikrotik the exploit usages is.

/////./..//////./..//////./../flash/rw/store/user.dat

Vulnerable Versions are

  • Longterm: 6.30.1–6.40.7
  • Stable: 6.29–6.42
  • Beta: 6.29rc1–6.43rc3

Finding those mikrotik and exploiting them manually is so much hard kind of impossible , So i thought lets use Search engine to find those vulnerable mikrotik routers .[ Disclaimer : No mikrotik router was harmed or exploited without permission ]

Exploit for this CVE-2018–14847

So this is a security risk for any company who use old backdated mikrotik router,these can be exploited easily , and attacker can damage their business. Updating Mikrotik is always a good idea.

[ This Article Was only for Awareness Purpose , I am Not Responsible for any harm or any bad use of this article. ]

--

--

--

Security Researchers | Ctf Player | Web-Application Pen-tester | Programmer

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Security Communication Protocols of Internet of Things(IOT)

5 Reasons To Install Security Cameras At Your Home Or Business

Two High Probability Paths To Your First Cyber Security Job

ProBit Global Lists Ryoshi Token (RYOSHI)

Guide to Gems on Yuser

2FA Just Got Better With HYDROGEN

{UPDATE} The Survival Hack Free Resources Generator

STEX goes the extra steps to keep your Cypto Secure

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Joy Ghosh

Joy Ghosh

Security Researchers | Ctf Player | Web-Application Pen-tester | Programmer

More from Medium

Advent of Cyber 2021 — [Day 7] Migration Without Security

The Terror of Log4j and Why should you be bothered?

HTB: Driver

IPA File Extraction using Jailbroken iPhone