Q: How can I protect my network from the exploit? A: To protect your network, upgrade to a patched version, disable Winbox, use secure protocols, implement firewall rules, and monitor router logs.
While FOISted was about moving from admin to root, targeted 6.47.10 from the outside.
MikroTik RouterOS 6.47.10 is susceptible to CVE-2021-41987, a critical heap-based buffer overflow in the SCEP server that allows unauthenticated remote code execution (RCE). Additionally, the version is vulnerable to CVE-2023-30799, a privilege escalation flaw that allows authenticated users to gain full control of the device. Immediate upgrade to RouterOS 6.49.7 (Stable) or higher is required to patch these vulnerabilities. For further technical details, visit the NVD CVE-2021-41987 detail page.
Set an "input" chain rule that drops all traffic from the WAN interface except for established and related connections.
This version is considered vulnerable. You should upgrade to 6.49.10 or higher, or move to RouterOS v7.
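An added example, not from the original page or from MikroTik: a Python check run over the text of a RouterOS `/export`, confirming the upgrade floor above, that the input chain accepts established/related traffic before a WAN drop rule, and that Winbox is disabled. The `WAN` interface-list name, the function names and the sample export are assumptions constructed for illustration.

```python
import re
import shlex

PATCHED_FLOOR = (6, 49, 10)  # upgrade floor quoted on this page

def parse_export(text):  # -> (version tuple or None, {menu: [props per command]})
    version, menus, menu = None, {}, None
    # Rejoin lines that the export wrapped with a trailing backslash.
    for line in map(str.strip, re.sub(r"\\\n[ \t]*", "", text).splitlines()):
        m = re.match(r"#.* by RouterOS (\d+)\.(\d+)(?:\.(\d+))?", line)
        if m:
            version = tuple(int(g or 0) for g in m.groups())
        elif line.startswith("/"):
            menu = line
        elif line and not line.startswith("#") and menu:
            words = shlex.split(line)
            props = dict(w.split("=", 1) for w in words if "=" in w)
            props["_bare"] = [w for w in words if "=" not in w]  # e.g. ['set', 'winbox']
            menus.setdefault(menu, []).append(props)
    return version, menus

def audit(text, wan="WAN"):
    """Return a list of findings; an empty list means every check passed."""
    version, menus = parse_export(text)
    findings = []
    if version is None or version < PATCHED_FLOOR:
        findings.append("version below patched floor")
    rules = [r for r in menus.get("/ip firewall filter", [])
             if r.get("chain") == "input" and r.get("disabled") != "yes"]
    accept = next((i for i, r in enumerate(rules) if r.get("action", "accept") == "accept"
                   and {"established", "related"} <= set(
                       r.get("connection-state", "").split(","))), None)
    drop = next((i for i, r in enumerate(rules) if r.get("action") == "drop"
                 and wan in (r.get("in-interface"), r.get("in-interface-list"))), None)
    if drop is None:
        findings.append("no WAN drop rule in input chain")
    elif accept is None or accept > drop:
        findings.append("established/related not accepted before WAN drop")
    services = menus.get("/ip service", [])
    if not any("winbox" in s["_bare"] and s.get("disabled") == "yes" for s in services):
        findings.append("winbox service enabled")
    return findings

# Constructed sample export for illustration, not taken from a real device.
SAMPLE = """# jan/02/1970 00:00:00 by RouterOS 6.47.10
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input in-interface-list=WAN
/ip service
set winbox disabled=yes
"""
```

The drop check only looks for a rule bound to the WAN interface or list; a drop rule that carries extra matchers still counts, so review such rules by hand.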
The disclosures from 2023-2024 (CVE-2023-32154, CVE-2023-39226) primarily affected RouterOS v7. However, threat actors have not forgotten v6.47.10. It has become a "low-hanging fruit" script-kiddie target.
: If left enabled, an attacker on the same physical network or VLAN can attempt to brute-force or bypass login screens using the device's MAC address.