“Given the challenges of updating MikroTik, there are large numbers of devices with these 20 vulnerabilities,” Eclypsium researchers wrote in a post.
While the manufacturer has released patches, the Eclypsium research shows that a significant proportion of users have yet to install them. The estimate of affected devices, made by researchers at security firm Eclypsium, is based on Internet-wide scans that searched for MikroTik devices running firmware versions known to contain vulnerabilities discovered over the past three years.
As many as 300,000 routers made by Latvia-based MikroTik are vulnerable to remote attacks that can surreptitiously corral the devices into botnets that steal sensitive user data and participate in Internet-crippling DDoS attacks, researchers said.