Is your MikroTik vulnerable...?

It's the kind of "vulnerability" that is not really an issue. Like, when there is a Windows/Microsoft shaming post on a new "ultimate crazy windows vulnerability hack", that requires an administrator and physical access to the server to begin with. At that point, are you really need to be a hacker to do damage? Pure clickbait.

I disagree, if there are people that still use admin/blank as the default login credentials with old firmware then this "Vulnerability" isn't a null issue, the points in the video is aimed at helping people implement some pretty basic yet recommended configurations on their routers to prevent bad actors not only to abuse this CVE but many others.

@user-zm7qz5fq2d pretty much, which is why there is this video and similar ones like it to tell people to stop using default creds and to help them follow some basic but useful configs to help secure their network so that when security researchers check the scope of a vulnerability that it shouldn't be a staggering number like "nearly a million vulnerable devices"

It really should be standard practice to create another admin account with unique weird username and disable (don't delete) the original account. I do this on all devices and Linux servers. The reason I disable the original admin account is sometimes patches / updates may freak out if it can't find it or it may automatically re-create it. Better to disable it.

Never had an issue you knew about? :) would you mind sharing some of the security config that you use please ?
I've had a national ISP categorically tell me the Mikrotik they configured is secure, yet in the logs there was evidence that a 3rd party was logging into the router and the ISP didn't know who the 3rd party was. Yes it's a sample of.1, but my rule of thumb is "don't assume it's secure, ever".

Definitely, as basic administration and patch management goes a long way in keeping your network secure.
I looked at FortiNet's CVE list and that was something I was actually surprised at, a massive list for a vendor whose business model is mostly security.

@@TheNetworkBerg Yep. I use pfsense for firewall and MikroTik switches for home lab. We use Fortinet firewalls at work and branches which I am admin of. I've also deployed few pfsense appliances at the branches without issues. I am too very annoyed and surprised to see so many CVEs lately on the Fortigates that I am temping to stop buying them and get the pfsense appliances instead.
Seems lately I have to run the firmware updates several times in short period of time on so many of our Fortigates. It's crazy. I even shut down the ssl-vpn back in Dec as Fortinet's infinite wisdom to expose the ssl-vpn web to the internet for hackers to pick at. Crazy.

I think these are good questions, I think the first thing that you can do is have an honest conversation with your current employer and making them aware that you no longer feel challenged in your current role and that you are looking at moving into something else, such as configurations. This will let them know that you will either need a different role that will challenge and grow you which they can help with or that you will potentially move on to new opportunities with another company.
I think many people are afraid to be direct with their employers because it feels like you are potentially impacting your job security, but in reality employers value this honesty and is many times the reason why someone "moves up"
As for getting a CCNP, it can definitely help getting an interview with some companies, but from personal experience I think most companies are looking for people with experience already and having the cert itself won't be the biggest reason why you get into an engineering role. You could also check different departments the ISP I first worked for had various divisions and there was an installations team that would primarily drive to a site and install equipment, but they were a part of the config process with core engineers giving them valuable insight and experience until they could move into those roles themselves as they got that hands-on experience.

Maybe :D, (Definitely)

Yeah that sounds like a pretty solid way to manage your devices.

@@TheNetworkBerg those newer hAPs rock a lot when you know what to do with them

I do talk a bit regarding the subject, suggest watching the video. If you want to see an RCE you are welcome to check out Vulncheck's channel. They have a video of it there showcasing how the exploit works, my video is aimed more at stopping exploits like this from occurring by just some basic but best practice rules when bringing a router online.
The big problem is that there are just many routers in the wild that still use the default admin/blank credentials running old firmware making them extremely easy to exploit even without things like Brute Force tools. And yes, the thumbnail is supposed to be sensationalist, I want to get people's attention if it can make at least a few people aware of the risks and get them to just implement a few configuration changes and apply patch management to their system then I am very happy if a thumbnail like this got their attention.

The problem is that A Lot of Mikrotik devices are running with “admin” without any password in the wild, because of this weird design choice they made early on.
People are buying these because they are cheap, connecting to the internet and using them like that

Changing ports, does nothing for an targeted attack.

@@WanderTrekker PSD and FTB does something though

I am very much fine ^^, busy moving to a new country and it is taking all my focus so RUclips has taken a slowdown for a bit. Thank you for your concern :)

​@@TheNetworkBerghappy to hear from you ,you are fine .

The US is also a few miles away from Russia :P