SGGPO
Worldwide , the number of MikroTik routers exposed to the Internet at risk of being exploited via HTTP and Winbox is 500,000 and 900,000 devices respectively. This number in Vietnam is 9,500 via HTTP and 23,000 via Winbox, according to Bkav's records.
 |
| In Vietnam, the number of MikroTik devices connecting to the Internet as of July 26 is in the tens of thousands. |
A serious vulnerability has just been discovered in the MikroTik RouterOS operating system, allowing an authenticated attacker to escalate privileges from Admin to Super Admin to execute arbitrary code, take full control of devices and turn them into botnets, and launch DDoS attacks.
The newly discovered vulnerability has the identifier CVE-2023-30799, CVSS severity score 9.1. However, Bkav experts believe that the "deadly flaw" here is the "default password". "To exploit the CVE-2023-30799 vulnerability, hackers need to gain Admin rights while most of the default passwords on the devices have not been changed," said Mr. Nguyen Van Cuong, Director of Network Security of Bkav.
MikroTik routers are popular products from the Latvian networking equipment manufacturer. They run on the MikroTik RouterOS operating system, which allows users to access the administration page via either the HTTP web interface or the Winbox application to create, configure and manage a LAN or WAN.
With such a large number of devices connecting to the Internet, to minimize risks, Bkav recommends that users immediately update the latest patch (6.49.8 or 7.x) for RouterOS, and implement the following additional solutions: Disconnect the Internet on the administration interfaces to prevent remote access; set a strong password if the administration page must be public; turn off the Winbox administration program and use the SSH protocol instead, because MikroTik only provides protection solutions for the SSH interface...
Source
![[Photo] Soldiers guard the fire and protect the forest](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/27/7cab6a2afcf543558a98f4d87e9aaf95)
Comment (0)