MikroTik - Winbox Vulnerability
This page describes a RouterOS vulnerability affecting every RouterOS version from v6.29 onward.
How it works:
The vulnerability allowed a special tool to connect to the Winbox port (TCP 8291 by default) and request the system user database file, which holds the router's user accounts and their credentials. With that file an attacker can log in to the router as a legitimate user.
Versions affected: 6.29 to 6.43rc3 (included).
Versions that include a fix: 6.40.8 (bugfix channel) or 6.42.1, released on 23-apr-2018.
Am I affected? Currently there is no sure way to tell whether you were affected. If your Winbox port is open to untrusted networks, assume that you are affected: upgrade, change the passwords, and add a firewall according to MikroTik's guidelines. Make sure that you change the passwords after the upgrade, because credentials copied before the upgrade remain valid. The log may show an unsuccessful login attempt followed by a successful login from an unknown IP address; that pattern is a strong indicator, but its absence proves nothing.
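The indicator above (a failed login followed by a successful one from an address you do not recognise) can be checked against an exported log. The following Python script is an added example, not MikroTik's code: the log lines are constructed to mimic the shape of RouterOS login messages, and the trusted network is an assumption you must replace with your own management addresses. A clean result does not mean the router was not compromised.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines in the shape RouterOS writes login events
# (timestamp, topics, message). Not captured from a real device.
SAMPLE_LOG = """\
jan/02 10:15:01 system,info,account user admin logged in from 192.168.88.10 via winbox
jan/02 10:17:42 system,error,critical login failure for user admin from 203.0.113.45 via winbox
jan/02 10:17:43 system,info,account user admin logged in from 203.0.113.45 via winbox
jan/02 10:20:00 system,error,critical login failure for user admin from 198.51.100.7 via winbox
jan/02 10:25:00 system,info,account user admin logged out from 192.168.88.10 via winbox
"""

# Assumption: the networks you normally manage the router from.
TRUSTED = [ip_network("192.168.88.0/24")]

FAIL_RE = re.compile(r"login failure for user (\S+) from (\S+) via (\S+)")
SUCCESS_RE = re.compile(r"user (\S+) logged in from (\S+) via (\S+)")


def is_trusted(addr, trusted=TRUSTED):
    """True if addr falls inside one of the trusted management networks."""
    ip = ip_address(addr)
    return any(ip in net for net in trusted)


def find_suspicious_logins(log_text, trusted=TRUSTED):
    """Return (line, user, ip, service, reason) for every successful login
    from an untrusted address. A success that follows an earlier failure
    from the same address matches the pattern described in the advisory."""
    failed = {}  # ip -> line number of the most recent failed attempt
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = FAIL_RE.search(line)
        if m:
            failed[m.group(2)] = lineno
            continue
        m = SUCCESS_RE.search(line)
        if not m:
            continue
        user, ip, service = m.groups()
        if is_trusted(ip, trusted):
            continue
        reason = "success from untrusted address"
        if ip in failed:
            reason = f"success after failure (line {failed[ip]}) from untrusted address"
        findings.append((lineno, user, ip, service, reason))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_logins(SAMPLE_LOG):
        print(finding)
```

Run it against the output of `/log print` saved to a file; any finding means the credentials in use at that time must be treated as compromised.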
What to do:
1) Upgrade RouterOS to a version that includes the fix, and upgrade the Winbox client as well.
2) Change the passwords of all router users, after the upgrade.
3) Firewall the Winbox port from the public interface and from untrusted networks. It is best to allow only known IP addresses to connect to any service on your router, not just Winbox; we suggest making this common practice. As an alternative that may be easier, use the "IP -> Services" menu to specify "Allowed From" addresses. Include your LAN and the public IP that you will be accessing the device from.
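The three steps as RouterOS terminal commands, as an added example that is not part of MikroTik's post. The LAN range 192.168.88.0/24, the management address 203.0.113.10, the WAN interface name ether1 and the placeholder password are assumptions; replace them with your own values, and keep the firewall rules in the order shown (the accept rules must come before the final drop).

```routeros
# 1) Upgrade RouterOS. Select the channel that carries the fix, then install;
#    the router reboots. Download the current Winbox client from mikrotik.com
#    separately.
/system package update set channel=stable
/system package update check-for-updates
/system package update install

# 2) Change every user's password AFTER the upgrade. "admin" shown; run
#    "/user print" and repeat for each account.
/user set admin password="replace-with-a-long-unique-passphrase"

# 3a) Restrict management services to known addresses. "address=" is the CLI
#     form of the "Allowed From" field; list the LAN and your public IP.
/ip service set winbox address=192.168.88.0/24,203.0.113.10/32
/ip service set ssh address=192.168.88.0/24,203.0.113.10/32
/ip service set www address=192.168.88.0/24,203.0.113.10/32
/ip service disable telnet,ftp,api

# 3b) Firewall the router itself (input chain). Traffic from the management
#     list is accepted; everything else arriving on the WAN interface is
#     dropped, which covers Winbox and every other service.
/ip firewall address-list add list=management address=192.168.88.0/24
/ip firewall address-list add list=management address=203.0.113.10
/ip firewall filter add chain=input action=accept connection-state=established,related comment="keep existing sessions"
/ip firewall filter add chain=input action=accept src-address-list=management comment="management hosts"
/ip firewall filter add chain=input action=drop in-interface=ether1 comment="drop everything else from WAN"
```

Apply the firewall rules from a session on the LAN (or with Safe Mode enabled) so a mistake in the address list cannot lock you out; verify afterwards with `/ip firewall filter print` and `/ip service print`.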
Blog post by MikroTik