: If you don't use SCEP, make sure it is not configured. Go to /ip service and disable any management interfaces (WebFig, WinBox, Telnet) that aren't strictly necessary.
(Also known as part of campaigns by threat actors like Huapi/BlackTech). mikrotik 6.47.10 exploit
By sending a specially crafted packet, an attacker could download the /flash/rw/store/user.dat file, which contained the administrator's password hash (or, in older configurations, the plaintext password). : If you don't use SCEP, make sure it is not configured