Hacks and Incidents

MikroTik RouterOS Admin Password Change CSRF

Full Disclosure: MikroTik RouterOS Admin Password Change CSRF:

# Exploit Title: MikroTik RouterOS Admin Password Change CSRF

# Google Dork: N/A
# Date: 23-2-2015
# Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh)
# Vendor Homepage: http://www.mikrotik.com
<http://s.bl-1.com/h/mPRbq77?url=http://www.mikrotik.com/>/
# Software Link: http://www.mikrotik.com/download
<http://s.bl-1.com/h/mPRbvX9?url=http://www.mikrotik.com/download>
# Version: All versions < 5.0
# Tested on: All OS
# CVE : N/A

Standard