MikroTik issued an advisory to address a rogue botnet that is using a vulnerability in the RouterOS Winbox service, that was patched in v6.42.1 on April 23, 2018.
All RouterOS devices offer free updates. Make sure you update your devices with the “Check for Updates” button.
To prevent being affected, follow these steps:
- Update RouterOS to the latest firmware release.
- Change the password after the update.
- Restore configuration and inspect for unknown settings.
- Implement a good firewall by following this simple steps: MikroTik Manual:Securing Your Router
Devices with versions 6.29 (release date: 05/28/2015) to 6.42 (release date 04/20/2018) are vulnerable. If you have open Winbox access to untrusted networks and are running one of the affected versions: you may be affected. Follow the preventive measures above. If Winbox is not available to the internet, you might be safe, but an upgrade is still recommended.
To learn more about the issue, read here: Winbox Vulnerability