Endpoint/Device Security

Over 900K MikroTik routers vulnerable to critical bug

Malicious actors could fully take over 926,000 MikroTik RouterOS routers vulnerable to a critical SuperAdmin privilege escalation flaw, tracked as CVE-2023-30799, BleepingComputer reports. Exploiting the already-patched vulnerability would provide full RouterOS access, letting attackers control function call addresses and, in turn, either significantly change the operating system or conceal malicious activities, according to a VulnCheck report. Meanwhile, an exploit that researchers developed using Margin Research's FOISted remote RouterOS jailbreak exploit was noted to not only evade FTP interface exposure requirements but also avoid bindshell blocking or filtering. "'En masse' exploitation is going to be more difficult since valid credentials are required. However, as I outlined in the blog, the routers lack basic protections against password guessing. We intentionally didn't release a proof-of-concept exploit, but if we had, I have no doubt that the exploit would have been successfully used in the wild quickly after the blog was released," said VulnCheck researcher Jacob Baines.
