Specialists from the International Institute of Cyber Security (IICS), the best ethical hacking institute, reported the emergence of a critical vulnerability in some of the MikroTik company routers; according to the reports, the vulnerability would allow malicious hackers to deploy denial-of-service (DoS) attacks against vulnerable devices, forcing their reboot.
MikroTik is a provider of hardware and software solutions for Internet connectivity with presence in various parts of the world; this company also developed RouterOS, a specially designed operating system for routers.
According to experts from the best ethical hacking institute, the vulnerability allows the watchdog timer to restart the compromised device, which generates an overload until the router stops responding.
Although the company reports that this vulnerability has already been corrected, there is another flaw that causes a router memory overload because the size of the IPv6 path cache could be bigger than the RAM available on the device. MikroTik claims that this vulnerability will be corrected by implementing the available memory-based cache size automatic calculation.
Specialists from the best ethical hacking institute believe that vulnerabilities could have been corrected after the updates published in April. MikroTik patches will be applied to fix the vulnerability CVE-2018-19299, but an unpatched MikroTik router that routes traffic through IPV6 would be affected.
The vulnerability assessments launched by the company will work as follows:
- Fixed software blocking when forwarding IPv6 packets
- Fixed software blocking When a large IPv6 neighbor table is processed
- Set the maximum size of IPv6 path cache based on total RAM
According to the specialists, corrections may be functional in current operating system versions (v 6.43.14) and long-term versions (v 6.43.14), only for devices with more than 64 MB of RAM storage. The company recommended its users to upgrade to any version of RouterOS launched after April 1, 2019 as soon as possible.