Hacker News

I hear great things about Mikrotik



Stories like this make me wary of using their products. [1]

[1] https://www.microsoft.com/security/blog/2022/03/16/uncoverin...


While there have been remote exploits against exposed management ports, the vast majority of compromised Mikrotik devices are caused by insecure configurations by users. Mikrotik is huge in the smaller ISP world and especially in developing countries due to the low cost, but those users are not always the most security conscious.


The linked article from Microsoft goes into some detail about the vulnerability in Mikrotik that was being used, and there are many other examples of this happening. Weak creds are also an issue, but their software is pretty buggy from a security standpoint. If you run Mikrotik gear exposed to the public internet, I hope you have good logging and are keeping a sharp eye on it.


Now hang on, the linked article mentions how a Mikrotik with compromised creds can be used as a C2 (as can most routers), and goes on to list the primary methods of compromise:

- Default creds (configuration issue)
- Common creds via bruteforce (configuration issue)
- Exploit of CVE-2018-14847 (4 year old patched vulnerability).

All of the methods mentioned require local network access in a default configuration. None of these are issues from the public internet.

If you have lateral movement within most networks, you're already likely to have the ability to route and disguise traffic and use the network as a relay point.

I am interested to read of your "many other examples". I'm yet to see a serious network gear vendor without big vulnerabilities to their name. From memory, Cisco had about 4 backdoor root accounts found and CVE'd in 2018 alone.


Their devices have some cool features that make them useful to bad guys. But to be vulnerable you have to:

open the management ports up to the internet (not the default) and be running a firmware prior to April 2018 (or be using a default password)


My exposure to Mikrotik is that you need to download some Windows executable to speak some bespoke protocol to perform configuration of the device (specifically for RouterOS)? Is that true?

I've got some of their switches running SwitchOS, which is great, but my minute exposure to winbox has thoroughly put me off anything that uses RouterOS.


You can do everything through the web interface called "WebFig" (or even the SSH console), but honestly Winbox MDI is much more convenient. I think the only Winbox-exclusive feature is connecting through Ethernet packets (without IP).


You have many different options.

(1) SSH into your box for shell and use the command line interface
(2) Use the comprehensive web interface
(3) Use the shell tool in the web interface
(4) Use wine to run the client


Doesn't most of their gear work with OpenWRT?


I still have Ubiquiti wireless equipment but the rest of my network incorporates Mikrotik and I've been really enjoying using it the past few years.


I have even greater things to say about OpenWrt on Mikrotik hardware (where supported)!



