It’s A Bird, It’s A Plane, It’s A MikroTik SuperAdmin Bug!

Source: Bleeping Computer It’s A Bird, It’s A Plane, It’s A MikroTik SuperAdmin Bug!

Another Day, Another IT Nightmare

MikroTik RouterOS has often been attacked, and once unwilling contributed to creating a record breaking botnet called Mēris.  Their equipment running RouterOS, and including those using Winbox, need to patch immediately and there are almost one million of them out there.  The bug allows someone with admin access to the network device to grant themselves SuperAdmin, which is an amusing name for the level of privilege given to low level software so it can make function calls and other basic tasks.  A user with that much access could easily root the router or switch and make invisible changes to the OS as well as ensuring their activities cannot be monitored.

You might be wondering why this is so awful if you need to be an admin in order to exploit it; that reason is almost as bad as the bug.  Not only does MikroTik’s RouterOS ship with a built in administrator account named the excessively obvious admin, until October 2021 it’s default password was blank.  If you follow best practices and change or delete that account, RouterOS doesn’t have password complexity requirements so a lazy admin could use an easily guessable password.   To make it even better, except for the SSH interface, RouterOS has absolutely no protections against brute force password guessing.  

Patch ’em if you got ’em, and maybe consider tossing them and getting replacement network devices.

"'En masse' exploitation is going to be more difficult since valid credentials are required. However, as I outlined in the blog, the routers lack basic protections against password guessing," VulnCheck researcher Jacob Baines told BleepingComputer.

Video News

About The Author

Jeremy Hellstrom

Call it,, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.


  1. ray mcsriff

    If you’re using a MikroTik device, and you’re operating it with a blank password (or a weak password) for the default admin account, you’ve likely already been owned long ago. This bug makes little difference. It’s like obsessing about a tree in a vast forest.

    • ray mcsriff

      Correction: not a “bug”, vulnerabilities/poor design.


Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!