Tagged "RouterOS"

CVE-2023-41570: Access Control vulnerability in MikroTik REST API

Recently, Mikrotik added a REST server as a new API for managing the router. It is a nice alternative to their proprietary API when automating RouterOS.

However, young software usually contains bugs. Sometimes, these bugs are security-related, and, together with not-so-safe defaults, they may create a vulnerability.

Winbox on WINE: network namespaces for MAC-Telnet

Winbox, the MikroTik RouterOS management application, uses a proprietary link-layer protocol to discover and connect to RouterOS appliances. It’s useful when you have a router with a bad/unknown network configuration.

Let’s see how we can use it on Linux and WINE.

DoS (and possible MITM) in Cisco VPN 3000 Concentrator

TL;DR: the Cisco VPN 3000 Concentrator has a bug that allows you to create a DoS (and maybe a MITM) by sending the wrong netmask in IPSec phase 2.

Simple policy based routing in practice

Sometimes the network setup isn't the one that you find in a textbook.

MikroTik RouterOS: how to use hostnames in firewall rules (instead of IP addresses)

Important note! Apparently now RouterOS supports hostnames in address lists (tested in 6.