Mikrotik has discovered a new RouterOS vulnerability in all RouterOS versions since v6.29. The vulnerability may allow the administrator account of the router to be compromised by an unauthorised source.
While we are not significantly alarmed by this vulnerability it is best practice to apply these updates as soon as they are released by the vendor which is the course of action we have taken overnight and this morning.
Within the last 24 hours of knowing about this vulnerability we have performed the following process for all managed router customers:
- Identify routers that require this update
- Apply Mikrotik version update - released within 12 hours of original notification
- Change all administrator passwords on affected routers
All new router deployments will be shipped with the updated source code as released from the vendor.