Nine Years of Overlooked MikroTik Pre-Authentication Remote Code Execution Vulnerabilities

DEFCONConference via YouTube

Overview

Explore a detailed security research presentation from DEF CON 31 that uncovers critical vulnerabilities in MikroTik's RouterOS, focusing on a pre-authentication Remote Code Execution (RCE) vulnerability that remained undiscovered for nine years. Learn about the overlooked attack surfaces in RouterOS's architecture, particularly the socket callback and remote object mechanisms that affect over 3 million deployed devices. Discover the methodology used to identify these security flaws, understand the vulnerability patterns, and gain insights into the complex lower-layer objects of the Nova Binary implementation. Benefit from shared open-source tools and research approaches that make RouterOS security analysis more accessible, presented by DEVCORE security researcher and Pwn2Own Toronto 2022 "Master of Pwn" winner, Ting-Yu Chen (NiNi).

Syllabus

DEF CON 31 - Review on the Less Traveled Road - 9 Yrs of Overlooked MikroTik PreAuth RCE - NiNi Chen

Taught by

DEFCONConference
