CVE-2019-3924 Dude agent vulnerability

On February 21, Tenable published a new CVE, describing a vulnerability, which allows to proxy a TCP/UDP request through the routers Winbox port, if it’s open to the internet. Tenable had previously contacted MikroTik about this issue, so a fix has already been released on February 11, 2019 in all RouterOS release channels.

The issue does not affect RouterBOARD devices with default configuration, if the “Firewall router” checkbox was left enabled. The issue DOES NOT pose any risk to the router itself, file system is not vulnerable, the issue only allows redirection of connections if port is open. Device itself is safe.

The issue is fixed in:

  • 6.43.12 (2019-02-11 14:39)
  • 6.44beta75 (2019-02-11 15:26)
  • 6.42.12 (2019-02-12 11:46)

As always, MikroTik urges all users to keep their devices up to date, to be protected against all known vulnerabilities and make sure your routers administative ports are firewalled from untrusted networks. The “ip services” menu, where you can protect the “winbox” service, also affects the “dude agent” service, so if you have limited access with this menu, it also protects you from this issue.