In June 2023, security researchers and MikroTik itself confirmed a critical vulnerability that sent shockwaves through the networking community: . Officially designated as CVE-2023-30799 , this flaw allows an unauthenticated, remote attacker to bypass the login mechanism and gain full administrative access to a vulnerable router.
Because the vulnerability allowed arbitrary file reading, attackers could also read the file /flash/nv/store/ssh.key . This allowed them to steal the router's private SSH keys. Even if an administrator changed all passwords, the attacker could still log in via SSH using the stolen keys unless the keys were regenerated or the firmware was updated. mikrotik routeros authentication bypass vulnerability
The following versions of Mikrotik RouterOS are affected by this vulnerability: In June 2023, security researchers and MikroTik itself
: Attackers often leveraged this to write malicious files, create hidden "backdoor" users, or pivot to internal networks. Affected Versions : All versions from 6.29 through 6.42. Exploit-DB 2. Recent & Notable Security Bypasses This allowed them to steal the router's private SSH keys