this post was submitted on 13 Jul 2023
3 points (100.0% liked)

Mikrotik

220 readers
8 users here now

A community-contributed sublemmy for all things Mikrotik. General ISP and network discussion also permitted. Please ensure if you're asking a question you have checked the Wiki First: https://help.mikrotik.com

Mikrotik Rules: Don't post content that is incorrect or potentially harmful to a router/network.

This in itself is not a bannable offence but answers that are verifiably incorrect or will cause issues for other users will be edited or removed.

Examples: Factual errors - "EOIP is always unsecure" Configuration problems - Config that would disable all physical interfaces on a router Trolling - "Downgrade it to 5.26"

founded 1 year ago
MODERATORS
 

On 10/05/2023 (May 10th, 2023) MikroTik received information about a new vulnerability, which is assigned the ID CVE-2023-32154. The report stated, that vendor (MikroTik) was contacted in December, but we did not find record of such communication. The original report also says, that vendor was informed in person in an event in Toronto, where MikroTik was not present in any capacity.

What this issue affects: The issue affects devices running MikroTik RouterOS versions v6.xx and v7.xx with enabled IPv6 advertisement receiver functionality. You are only affected if one of the below settings is applied:

ipv6/settings/ set accept-router-advertisements=yes

or

ipv6/settings/set forward=no accept-router-advertisements=yes-if-forwarding-disabled

If the above settings are not set up like in the example, you are not affected. Note that the vulnerable setting combination is not normally found in routers and is rarely used.

What this issue can cause: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability.

Recommended course of action: You can disable IPv6 advertisements, or upgrade to RouterOS 7.9.1, 6.49.8, 6.48.7, 7.10beta8 (all versions already released), and of course newer versions afterwards.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here