New hacking technique used against vulnerable MikroTik routers allows attackers to remotely execute code on affected devices and gain a root shell. The vulnerability, identified as CVE-2018-14847, was initially rated as medium in severity but should now be rated critical because the new hacking technique uses the same vulnerability found by Tenable Research takes it to one step ahead. The new exploit could allow unauthorized attackers to read arbitrary files by modifying a request to change one byte related to a Session ID. The vulnerabilities impact Mikrotik RouterOS firmware versions before 6.42.7 and 6.40.9.
Source: https://thehackernews.com/2018/10/router-hacking-exploit.html