An gano mummunan rauni (CVE-2023-32154) a cikin tsarin aiki na RouterOS da aka yi amfani da shi a cikin masu amfani da hanyoyin MikroTik, wanda ke ba da damar mai amfani da ba a tabbatar da shi ba don aiwatar da lamba daga nesa a kan na'ura ta hanyar aika sanarwar mai ba da hanya ta hanyar sadarwa ta IPv6 na musamman (RA, Tallace-tallacen Router).
Matsalar ta samo asali ne sakamakon rashin tabbatar da ingantaccen bayanan da ke fitowa daga waje a cikin tsarin da ke da alhakin sarrafa buƙatun IPv6 RA (Router Advertisement), wanda ya sa ya yiwu a rubuta bayanai fiye da iyakokin da aka keɓe da kuma tsara aiwatar da code naka tare da tushen gata. Rashin lahani yana bayyana kansa a cikin rassan MikroTik RouterOS v6.xx da v7.xx, lokacin da aka kunna saƙon IPv6 RA a cikin saitunan don karɓar saƙonni ("ipv6/settings/set accept-router-advertisements=ee" ko "ipv6/settings/set forward= no accept-router-advertisements").
An nuna yuwuwar yin amfani da raunin a aikace a gasar Pwn2Own a Toronto, yayin da masu binciken da suka gano matsalar sun sami tukuicin $100,000 don hacking ɗin matakai da yawa na abubuwan more rayuwa tare da kai hari kan na'ura mai ba da hanya tsakanin hanyoyin sadarwa na Mikrotik da kuma amfani da shi azaman jirgin ruwa don kai hari ga sauran sassan cibiyar sadarwar gida (masu kai hari daga baya sun sami ikon sarrafa bayanai game da Canon).
Bayanai game da raunin an fara buga su ne kafin masana'anta suka samar da facin (0-day), amma sabuntawa zuwa RouterOS 7.9.1, 6.49.8, 6.48.7, 7.10beta8 an riga an buga su tare da ƙayyadaddun lahani. Dangane da bayanai daga aikin ZDI (Zero Day Initiative), wanda ke gudanar da gasar Pwn2Own, an sanar da masana'anta game da raunin a ranar 29 ga Disamba, 2022. Wakilan MikroTik sun yi iƙirarin cewa ba su sami sanarwar ba kuma sun koyi game da matsalar kawai a ranar 10 ga Mayu, bayan aika gargaɗin ƙarshe game da bayyana bayanai. Bugu da ƙari, rahoton rashin lafiyar ya ambaci cewa an aika bayanai game da yanayin matsalar ga wakilin MikroTik a cikin mutum yayin gasar Pwn2Own a Toronto, amma a cewar MikroTik, ma'aikatan kamfanin ba su shiga cikin taron ba a kowane hali.
source: budenet.ru