
PoC Attack Escalates MikroTik Router Bug to ‘As Bad as It Gets’ - ccnafr
https://threatpost.com/poc-attack-escalates-mikrotik-router-bug-to-as-bad-as-it-gets/138076/
======
shakna
> The licupgr binary has an sprintf that an authenticated user can use to
> trigger a stack buffer overflow.

The printf family is responsible for so many problems. Few people seem to know
how to use it safely, or when to use something else.

> only approximately 30 percent of vulnerable modems have been patched, which
> leaves approximately 200,000 routers...

Welcome to the botnet. Combining the two bugs gives root, and that's a large
enough collection of devices to target.
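
Added example, not from this thread or from MikroTik's code, of the bounded alternative to the sprintf pattern quoted above: an unbounded sprintf into a fixed stack buffer beside an snprintf version that detects truncation and refuses the request. The function name build_query, the buffer size and the sample inputs are constructed; only the query format is taken from the PoC line quoted later in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size stack buffer, as a licupgr-style helper might use (assumed size). */
#define QUERY_MAX 128

/*
 * Unsafe pattern, shown only as a comment and not compiled: sprintf knows
 * nothing about the destination size, so an attacker-controlled username that
 * is longer than the remaining space writes past `query` on the stack.
 *
 *   char query[QUERY_MAX];
 *   sprintf(query, "/ssl_conn.php?usrname=%s&passwd=%s", user, pass);
 */

/*
 * Hardened form: snprintf bounds the write and returns the length the full
 * string would have had, so the caller can detect truncation and reject the
 * input instead of silently using a cut-off (or, with sprintf, overflowed)
 * value. Returns 0 on success, -1 if the formatted string does not fit.
 */
int build_query(char *out, size_t out_len, const char *user, const char *pass)
{
    int n = snprintf(out, out_len, "/ssl_conn.php?usrname=%s&passwd=%s",
                     user, pass);
    if (n < 0 || (size_t)n >= out_len) {
        /* Would have been truncated or overflowed: refuse rather than continue. */
        if (out_len > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char query[QUERY_MAX];
    /* Constructed sample inputs: one that fits and one that is far too long. */
    char long_user[300];
    memset(long_user, 'A', sizeof long_user - 1);
    long_user[sizeof long_user - 1] = '\0';

    printf("short: %d -> %s\n", build_query(query, sizeof query, "admin", "pw"), query);
    printf("long : %d (rejected)\n", build_query(query, sizeof query, long_user, "pw"));
    return 0;
}
```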

~~~
aaaaaaaaaab
> Few people seem to know how to use it safely, or when to use something else.

I was taught printf should only be used for quick n dirty debugging.

~~~
bottled_poe
Please just use a decent logging library and debugger... it will up your
productivity, you will learn important skills and you will write cleaner code
and you will prevent issues like this one.

------
minimaul
This isn't as bad as it sounds - it only works if the attacker has access to
the management interface. If you're exposing that unfettered to the web at
large, imo you deserve what you get.

~~~
zaarn
Domain Reflection is a thing: load a webpage on domain www.example.bad with a
low DNS TTL, then repoint it to common IPs for management interfaces and make
an AJAX call. Of course a lot of routers try to filter it, but it works in a
surprising number of installs to this day.

Another entry point could be other devices in your network that have been
taken over to some extent (or maybe even an app on your phone).

------
buserror
I used MikroTik routers for a few years, I felt nerdy and in control and all
that. Until one day one of them bricked itself completely while updating
itself. I replaced it with an off-the-shelf consumer one and realised
immediately that it was a LOT faster than the fancy MikroTik. Experience of
one of course, but well, I never bought another.

~~~
berberous
I have no experience with MikroTik, but you don't seem to be comparing like
generations. A newer router will beat an older one just due to the march of
technology.

~~~
cannonedhamster
I had the same experience with Mikrotik routers. Same generation devices. Also
suffered from random drops of the network. Very good transmission distance
when it worked.

------
netsec_burn
tl;dr this is the "proof of concept":

    GET /ssl_conn.php?usrname=%s&passwd=%s&softid=%s&level=%d&pay_typ'e=%d&board=%d HTTP/1.0

Attackers will not be able to use that, nor will they care. There are already
plenty of routers vulnerable to RCE on the Internet.

