id: mikrotik-routeros info: name: MikroTik Router OS Login Panel - Detect author: gy741 severity: info description: MikroTik Router OS login panel was detected. reference: - https://systemweakness.com/routeros-user-with-just-ftp-policy-can-write-to-filesystem-cve-2021-27221-e3e45d780dfe classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-score: 0 cwe-id: CWE-200 metadata: max-request: 1 tags: panel,login http: - method: GET path: - '{{BaseURL}}' matchers-condition: and matchers: - type: word words: - 'If this device is not in your possession, please contact your local network administrator' - '.mikrotik.com' condition: and - type: word name: router-old part: body words: - 'mikrotik routeros > administration' - 'Mikrotik Router' - '<img src="/webcfg/' - '<title>MikroTik RouterOS Managing Webpage' condition: or - type: word name: hotspot part: body words: - 'Please log on to use the mikrotik hotspot service' - 'mikrotik hotspot > login' condition: and - type: word name: mikrotik-httpproxy part: header words: - "Server: mikrotik httpproxy" extractors: - type: regex group: 1 regex: - "

RouterOS (.+)

" - '
mikrotik routeros (.[0-9.]+) configuration page
' - 'routeros (.[0-9.]+) ' - 'MikroTik RouterOS (.[0-9.]+)'