"300,000 MikroTik Routers Are Ticking Security Time Bombs"

About 300,000 MikroTik routers are vulnerable to remote attacks that can secretly add the devices to a botnet to steal sensitive user data and engage in Distributed Denial-of-Service (DDoS) attacks. Researchers at the security firm Eclypsium estimated the number of affected routers by performing Internet-wide scans that searched for MikroTik devices using firmware versions known to have vulnerabilities discovered within the past three years. Although the manufacturer has released patches addressing the vulnerabilities, Eclypsium found that many users have not installed them. The vulnerabilities collectively provide many opportunities for threat actors to gain full control over powerful devices, which can then be positioned to target devices behind the Local Area Network (LAN) port and other devices connected to the Internet. This article continues to discuss the vulnerabilities impacting 300,000 MikroTik routers and other notable security incidents involving MikroTik routers. 

Ars Technica reports "300,000 MikroTik Routers Are Ticking Security Time Bombs"