I just read this in my SANS @Risk email and know how popular these products are with some spiceheads so I thought I'd share:
Well-known security researcher "kingcope" posted an
announcement this week of a trivially-triggered, pre-authentication heap
corruption vulnerability in the custom SSH daemon shipping with
Mikrotik-branded routers, which have thrived as a low-cost alternative
to better-known router brands. Systems can be crashed with a single line
of Perl provided in the post; remote command execution is not provided
at this time, but is likely in the future as other researchers take note
of the bug. As no updates are available from the manufacturer at this
time, users of impacted devices - which number over 290,000 according
to popular device search engine Shodan - are urged to monitor their logs
for any signs of suspicious activity, particularly since the fact that
the attack occurs after the SSH stream has gone encrypted means that
network-based detection will be limited at best.
Reference:
http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/
http://www.shodanhq.com/search?q=ROSSSH+port%3A22 (hopefully you don't find your IP on this list)
I hope Mikrotik takes this seriously and releases a patch soon, but more importantly, I hope those with these devices in their networks take note and apply the patches if/when they are released.