Quote: Researchers have warned that a known vulnerability in the firmware of MikroTik routers is potentially far more dangerous than previously believed.

The bug in question, CVE-2018-14847, is present in the Winbox administration utility of MikroTik's RouterOS through 6.42 and allows "remote attackers to bypass authentication and read arbitrary files by modifying a request to change one byte related to a Session ID."

While classified as a directory traversal bug of medium severity, researchers from Tenable Research say the vulnerability can be used to remotely execute code due to a new attack method.