As I write this article, MikroTik has released its latest patch to fix the Winbox vulnerability that has been going on for the past couple of months. Most of my customers share the same fear about this incident, because the impact is very bad: your system might be compromised with admin privileges!
That is to say, the attacker would have the same authority as your admin does.
This vulnerability exploits bugs in MikroTik's proprietary application, Winbox, on TCP port 8291. The attacker usually tries to inject some scripts along with a scheduled task, so even after you reboot or delete the script, it will still be there haunting your system.
As both a preventive and a corrective action, please consider the points below:
- Keep running the latest patched stable release, with precaution
- Limit the range of IP addresses that are allowed to connect through Winbox
- Disable unnecessary services, such as telnet, api, ssh
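
The three points above as RouterOS terminal commands, followed by a review of the script and scheduler entries described earlier. This is an added example, not part of the original article; the subnet 192.0.2.0/24 and the names in angle brackets are placeholders to replace with your own values.

```routeros
# Added example. 192.0.2.0/24 is a placeholder management subnet (assumption).

# 1. Patch with precaution: note the running version, take a backup,
#    then check which release the update channel offers.
/system resource print
/system backup save name=pre-upgrade
/system package update check-for-updates
# Install only after reading the changelog for the offered release:
# /system package update install

# 2. Limit Winbox (TCP 8291) to the management subnet only.
/ip service set winbox address=192.0.2.0/24

# 3. Disable the services you do not use.
/ip service disable telnet,api,ssh

# Verify: disabled services are flagged X, and winbox shows the
# allowed subnet in the ADDRESS column.
/ip service print

# Corrective check: list every script and scheduled task and compare
# them against what you created yourself.
/system script print detail
/system scheduler print detail

# Remove entries you do not recognise. Remove the scheduler entry first
# so it cannot run the script again. Names below are placeholders.
/system scheduler remove [find name="<unrecognised-task>"]
/system script remove [find name="<unrecognised-script>"]
```

Run the Winbox restriction from an address inside the allowed subnet, otherwise your own session will be locked out.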
IMHO, MikroTik is still the best multi-function router at an affordable price, as long as you have the capability and knowledge to manage it.