Skip to content
Mar 29 / Greg

Pre Mikrotik RouterOS v6.38.5 Exploit In The Wild

Mikrotik released the following information:


It has come to our attention that a rogue botnet is currently scanning random public IP addresses to find open Winbox (8291) and WWW (80) ports, to exploit a vulnerability in the RouterOS www server that was patched more than a year ago (in RouterOS v6.38.5, march 2017).

Since all RouterOS devices offer free upgrades with just two clicks, we urge you to upgrade your devices with the “Check for updates” button, if you haven’t done so within the last year.

More information can be found here:

Best regards,

I’ve got confirmation from users that they currently have routers in the wild being exploited! I’m told the only fix for these routers is to immediately update the firmware. In the meantime block port 80(web) and 8291(winbox) to your customer routers.


One Comment

leave a comment
  1. Grand Avenue Broadband / Mar 31 2018

    Further on in the thread, it becomes clear that other exploits exist that are not patched until 6.41, so router owners should follow the breaking news… 🙁

Leave a Comment