As many as 300,000 routers made by Latvia-based MikroTik are vulnerable to remote attacks that can surreptitiously corral the devices into botnets that steal sensitive user data and participate in Internet-crippling DDoS attacks, researchers said.
The estimate, made by researchers at security firm Eclypsium, is based on Internet-wide scans that searched for MikroTik devices using firmware versions known to contain vulnerabilities that were discovered over the past three years. While the manufacturer has released patches, the Eclypsium research shows that a significant proportion of users has yet to install them.
“Given the challenges of updating MikroTik, there are large numbers of devices with these 2018 and 2019 vulnerabilities,” Eclypsium researchers wrote in a post. “Collectively, this gives attackers many opportunities to gain full control over very powerful devices, positioning them to be able to target devices both behind the LAN port as well as target other devices on the Internet.”