On February 2 a CVE issue was published, describing a vulnerability, which allows to proxy a TCP/UDP request through the routers Winbox port if it’s open to the internet.
A fix has already been released on February 11, 2019 in all RouterOS release channels. Please keep your device up to date, and protect Winbox port from untrusted networks.
More information:
https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html
