MikroTik — RouterOS Authentication Bypass Vulnerability

This bypass affects both the legacy WinBox protocol and the newer REST API/WebFig components that share the same authentication handler.

A 2023 report from Shadowserver Foundation noted over publicly exposing port 8291 (WinBox) worldwide. A significant fraction of those were running vulnerable versions months after the patch was released.

While the vulnerability was patched in 2018, it remains a threat today because of unpatched legacy devices.

feature to maintain the latest stable or long-term firmware.

4. Conclusion

: A critical directory traversal vulnerability in the WinBox interface allowed remote, unauthenticated attackers to read arbitrary files, including the user database containing administrator credentials.