Thursday, 29 November 2018 / Published in Blog, RouterBOARDs

MikroTik Newsletter #2018-13, November 29, 2018

Hello,

In this newsletter:

– new PWR-LINE AP
– new wAP, LtAP mini, LHG and SXT kits with R11e-4G LTE card
– new metal SOLIDmount
– wall mount kit for RB4011 series

=======================

We are glad to introduce our PWR-LINE AP product line!

The PWR-LINE AP is a wireless access point with a single Ethernet port, a built-in 2.4GHz 802.11b/g/n WiFi radio and capability to connect to other PWR-LINE devices through the electrical lines in your premises. When plugged into the same electrical circuit, the PWR devices will establish Ethernet connectivity by using the HomePlug AV standard, without the need to re-wire your building, if LAN cables are not already present. Easily extend your WiFi coverage, by merely adding more PWR-LINE units in rooms, where WiFi coverage needs to be improved.

Unlike other Powerline products available in the market, our PWR-LINE AP are sold by single units and run fully featured RouterOS, that opens up a wide array of functions. When using multiple PWR-LINE AP devices in your network, you can even manage them all with the CAPsMAN access point manager feature, which can be run on your main MikroTik router!

We have two models available:
PL6411-2nD comes with plug type A (commonly used in the USA, Canada, Mexico & Thailand)
PL7411-2nD comes with plug type C (widely used in Europe, South America & Asia)

Download brochures below with use cases and specifications:
https://mikrotik.com/download/share/PWR_line_ap_us.pdf (PL6411-2nD)
https://mikrotik.com/download/share/PWR_line_ap.pdf (PL7411-2nD)

We have both models in stock, and you are welcome to place your orders online!

=======================

Our LTE products are now available also with the R11e-4G card installed. R11e-4G card supports LTE FDD bands 3 (1800MHz), 7 (2600MHz), 20 (800MHz) and 31 (450MHz), as well as LTE TDD bands 41n (2500MHz), 42 (3500MHz) and 43 (3700MHz).

wAP 4G kit (RBwAPR-2nD&R11e-4G)
https://mikrotik.com/download/share/wAP_lte_kit1.pdf

LtAP mini 4G kit (RB912R-2nD-LTm&R11e-4G)
https://mikrotik.com/download/share/ltap_mini_lte_kit.pdf

SXT 4G kit (RBSXTR&R11e-4G)
https://mikrotik.com/download/share/SXT_LTE_kit.pdf

LHG 4G kit (RBLHGR&R11e-4G)
https://mikrotik.com/download/share/LHG_LTE_kit.pdf

Some of the kits are already available, and others will arrive in a couple of weeks. You are welcome to place your orders online!

=======================

The solidMOUNT is an advanced pole mount adapter for LHG series products. It’s made from metal, allows adjustment both vertically and horizontally and supports all LHG series, products, including LHG XL.

More information here:
https://mikrotik.com/download/share/solidMOUNT.pdf

=======================

WMK4011 is a simple solution for mounting the RB4011 in public locations to avoid accidental unplugging of cables. Made from durable steel, the mount attaches to a wall and allows the Ethernet cables to be plugged in before the router is mounted inside. This means that once the device is secured, there is no easy way to unplug cables or move the device.

More information here:
https://mikrotik.com/download/share/4011_mount.pdf

==============================================

Load-balance using PCC in MikroTik RouterOS v 6.xx

Introduction PCC “Per Connection Classifi...
Audience – a router for those who value both beauty and functionality

Audience is a tri-band (2.4 GHz & high + lo...
DO NOT let the cables limit you, More Throughput over Power!

PWR-LINE PRO PWR-LINE PRO (PL7510Gi) is a smart...
The First MikroTik product with 10G RJ45 Ethernet ports, CRS312-4C+8XG-RM

CRS312-4C+8XG-RM Switch of the future: the firs...
Netflix has identified vulnerabilities in RouterOS.

Netflix has identified several TCP networking v...

CVE-2024-54772
Issue Summary A vulnerability has been identified in the WinBox service, where a discrepancy in response size between connection attempts with valid and invalid usernames allows attackers to confirm if user accounts exists via brute forcing the login process. In other words, when attacker tries to log into the device, by examining the response, the […]
CVE-2023-30799
A new CVE has been published, which describes a policy elevation issue, where a logged in administrator with “policy” permissions (able to grant additional permissions to any user on the router), is also able to send crafted configuration commands, that are exchanged internally by the router software components and normally are rejected when sent by […]
CVE-2023-32154
On 10/05/2023 (May 10th, 2023) MikroTik received information about a new vulnerability, which is assigned the ID CVE-2023-32154. The report stated, that vendor (MikroTik) was contacted in December, but we did not find record of such communication. The original report also says, that vendor was informed in person in an event in Toronto, where MikroTik […]
Mēris botnet
In early September 2021 QRATOR labs published an article about a new wave of DDoS attacks, which are originating from a botnet involving MikroTik devices. As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched. There is no […]
Fragattacks
In beginning of May 2021, a security research group from Belgium published a set of vulnerabilities they call “Frag Attacks” (from Fragmentation Attack), which affect all modern security protocols of Wi-Fi. Not all the published issues affect MikroTik products, but those that were found to be potentially affecting RouterOS, have been fixed in all currently released […]
Upgraded package signatures
The RouterOS package signing procedure has been upgraded, to use new algorithms and utilize state of the art security hardware. It will also add a possibility to verify the integrity of existing installations. The new updated package signing procedure provides additional security to prevent installation of malicious software. Best security practices: Keep RouterOS updated to the […]
CVE-2019-3981
Summary Tenable has published a potential vulnerability in older RouterOS versions where an attacker can retrieve the password hash of a RouterOS username via a complex man-in-the-middle attack over port 8291. The attacker must be able to intercept a valid RouterOS user login attempt, so he must be located in the same network as the […]
DNS cache poisoning vulnerability
Tenable has identified a vulnerability in RouterOS DNS implementation. RouterOS 6.45.6 and below is vulnerable to unauthenticated remote DNS cache poisoning via Winbox. The router is impacted even when DNS is not enabled. One possible attack vector is via Winbox on port 8291 if this port is open to untrusted networks. The resolver can be […]
Package validation and upgrade vulnerability
Tenable has identified a couple of issues with RouterOS packaging and upgrade systems. The upgrade system used by RouterOS 6.45.5 and below is vulnerable to man in the middle attacks and insufficient package validation. An attacker can abuse these vulnerabilities to downgrade a router’s installed RouterOS version, possibly lock the user out of the system, […]
CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Summary Netflix has identified several TCP networking vulnerabilities in the Linux kernel that is used in RouterOS. The vulnerabilities can trigger denial of service if the RouterOS system is attacked from an insufficiently protected network interface (port). Firewall can protect against the issue. MikroTik has already applied the necessary patches: fix included in RouterOS 6.45.1 and […]

MikroTik Newsletter #2018-13, November 29, 2018

What you can read next