Discovered by researchers from Tenable and patched by MikroTik in April 2018, this vulnerability affected RouterOS versions
Compromised MikroTik routers are routinely recruited into massive IoT botnets (like Meris) to launch Distributed Denial of Service (DDoS) attacks.
3. CVE-2024-54772: Winbox User Enumeration/Authentication Bypass mikrotik routeros authentication bypass vulnerability
Malicious actors deploy packet sniffers directly on the router to capture sensitive user data, passwords, and unencrypted traffic.
After upgrading, administrators must . The fix introduces a fine-grained certificate trust store mechanism , requiring administrators to manually configure the trusted CA scope for each service to prevent cross-service certificate trust abuse. Discovered by researchers from Tenable and patched by
CVE-2023-30799 has been actively exploited in the wild. Security researchers have observed:
Improper handling of specific HTTP requests allowed users to bypass the login prompt under unique conditions. After upgrading, administrators must
Never expose management ports directly to the public internet.
Whether your are accessible from the public internet? If you currently use automated configuration backups ? Share public link
: One of the most infamous flaws, this allowed unauthenticated remote attackers to read arbitrary files from the router, including the user database containing plaintext credentials. It affected versions 6.42 and below. Firewall & NAT Bypass (CVE-2019-3924)
As of mid-2026, remains a dominant force in networking for small-to-medium businesses and ISPs, offering high-performance routing and firewall capabilities at an accessible price point. However, its popularity makes it a prime target for threat actors. Authentication bypass vulnerabilities in RouterOS are particularly critical, as they allow attackers to circumvent security controls, gain administrative access, and control network infrastructure .