MikroTik Vulnerability Advisory

Following recent reports of a rogue botnet that uses the vulnerability in MikroTik’s RouterOS WinBox service (patched in RouterOS v6.42.1 on the 23rd of April this year), MikroTik sent an email yesterday to its registered users asking them to update with the new patch so that they are not affected by the vulnerability.

They said that all versions from 6.29 (Released: May 28, 2015) up to 6.42 (Released: April 20, 2018) are vulnerable. Your device could be affected if you have open WinBox access to untrusted networks and you are running one of the affected versions.
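The affected range stated above can be applied to a device inventory as in the following added example, which is not MikroTik's code. The inventory format, device names and status labels are constructed for illustration, and release-candidate or beta version strings are sent to manual review because the advisory text gives only stable version numbers.

```python
import re

# Range exactly as the advisory states it: 6.29 through 6.42 are affected,
# and the fix shipped in 6.42.1.
FIRST_AFFECTED = (6, 29, 0)
LAST_AFFECTED = (6, 42, 0)

STABLE_VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?$")

# Constructed inventory: name, RouterOS version, WinBox reachable from
# untrusted networks (yes/no).
SAMPLE_INVENTORY = """\
edge-gw-01  6.40.5   yes
branch-rtr  6.42.1   yes
lab-hap     6.42     no
core-ccr    6.43rc3  yes
old-rb750   6.28     no
"""

def parse_version(text):
    """Return (major, minor, patch) for a stable version, or None."""
    match = STABLE_VERSION.match(text.strip())
    if match is None:
        return None  # rc/beta suffix or malformed: do not guess
    return tuple(int(part) if part else 0 for part in match.groups())

def classify(version_text, winbox_untrusted):
    """Map one device to a status label (labels are this example's own)."""
    version = parse_version(version_text)
    if version is None:
        return "review"
    if not FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "outside-range"
    # In range: exposure to untrusted networks decides the urgency.
    return "update-now" if winbox_untrusted else "update"

def triage(inventory_text):
    """Return [(device, status)] for each non-empty inventory line."""
    results = []
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        name, version, exposed = line.split()
        results.append((name, classify(version, exposed.lower() == "yes")))
    return results

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY):
        print(f"{device:12} {status}")
```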

MikroTik’s RouterOS provides free updates.

To update RouterOS with the latest release, you may follow the steps below:

  • Update from QuickSet: after you connect to your MikroTik router, click Check For Updates, then the Download & Upgrade button.
  • Update from System > Packages: click Check For Updates, then Download & Upgrade.

For more information, see this link: Manually Upgrading RouterOS.

Secure your MikroTik router by changing the password after the new update and implementing a good firewall. You may also see the article on securing your router at this link: Manually Securing Your Router.

More information regarding the vulnerability can be found at the link below.

MikroTik Blogs