Sunday, September 20, 03:35
Home security Vulnerability for DoS attacks in MikroTik routers

Vulnerability for DoS attacks in MikroTik routers

MikroTikMikroTik has revealed that there is one vulnerability in MikroTik routers, which could allow hackers to perform remote attacks and specifically denial-of-service attacks on devices with RouterOS.

"RouterOS has had a number of IPv6-related issues that have been fixed," she says. company in a blog post.

The first issue was to restart the device. The reboot was triggered by the watchdog timer, since the device was overloaded and stopped responding.

The company has released security updates for RouterOS (CVE-2018-19299). However, some experts argue that there are still some devices that are vulnerable.

CVE-2018-19299 vulnerability affects MikroTik devices with IPv6 packets that have not received the information security. The vulnerability can be used by a hacker and cause problems with RAM.

“After troubleshooting the first issue, there was another issue with RAM, as the size of the IPv6 cache was larger than the available RAM. And this issue was corrected by introducing IPv6 automatic calculation based on available memory, ”the company said.

MikroTik has reviewed the issues in RouterOSv6.44.2, RouterOS v6.45beta23 and RouterOSv6.43.14.

However, according to experts, fixes do not work for all devices but for those that have more than 64MB of RAM.

Vulnerability has been known since April 2018 and was known to the company itself but it did not consider it a security vulnerability. However, data revealing the existence of the vulnerability and its exploitation by hackers.

CVE-2018-19299 vulnerability affects virtually all MikroTik devices. According to the Bleeping computer, MikroTik has released more 20 versions of RouterOS since it learned about vulnerability. This was because, first, it did not understand that it was a security error and secondly because it is at the core level, so it is not easy to fix.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

The Windows 10 Android streaming app is available on some devices

Last month, Microsoft announced that Samsung Galaxy smartphones will be able to stream from Android apps to Windows ...

Hackers throw dimokratianews.gr because he insulted Erdogan!

Hacker dimokratianews.gr _ The website dimokratianews.gr was hacked by Turkish hackers because it published a news headline that the Turkish government said offended ...

How to control your data consumption on Android!

Most people need to keep a close eye on data consumption to avoid any surprises in their account. So it is very important ...

What technological innovations determine the future of cybersecurity?

The advancement of technology beyond the facilities it offers, increasing both the speed and the quality of safety performance, ...

Microsoft Outlook: How to block emails from specific senders?

Have you ever received emails from people you do not want? If so, Microsoft ...

US: Department of Commerce abolishes TikTok on September 20th

As announced today by the US Department of Commerce, it will proceed to ban the download of the popular Chinese application TikTok and WeChat, ...

Group Tabs: Chrome will automatically create group Tabs

Google wants to rid users of manually creating tabs from users, so the Chromium team is testing it ...

Pinephone: The version with Manjaro Linux is now available for preorder

A few hours earlier, PINE64 announced that the new Pinephone 'Manjaro Community Edition' is now available for ...

Error allows remote code to run on Apple devices

Bugs found on iPhone, iPad and iPod have been fixed by Apple through new updates for iOS systems ...

The CEO of cyber fraud company NS8 has been arrested for fraud

The CEO of the NS8 cyber fraud company has been arrested and charged with defrauding the company's investors.