MikroTik · RouterOS · CVE-2017-6297
**Name of the Vulnerable Software and Affected Versions**
MikroTik RouterOS versions 6.37.4 through 6.83.3
**Description**
The L2TP Client in MikroTik RouterOS fails to enable IPsec encryption after a reboot, so data is transmitted without encryption. This allows man-in-the-middle attackers to intercept and view the transmitted data and, by monitoring packets and obtaining the L2TP secret, potentially gain access to networks on the L2TP server.
**Recommendations**
For MikroTik RouterOS versions 6.37.4 through 6.83.3, consider temporarily disabling the L2TP Client until a patch is available that ensures IPsec encryption is consistently enabled. Restrict access to sensitive networks and data to minimize the risk of exploitation.
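
The failure described above is visible on the wire: L2TP protected by IPsec leaves the client as ESP (IP protocol 50) or as UDP 4500 under NAT traversal, while an unprotected session appears as plain UDP 1701. The Python check below is an added example, not MikroTik code; the function names and the sample packets (built inline with documentation addresses) are constructed for illustration, and it assumes raw IPv4 packets taken from a capture on the client's WAN side.

```python
import socket
import struct

L2TP_PORT = 1701             # L2TP over UDP
NAT_T_PORT = 4500            # IKE/ESP encapsulated in UDP (NAT traversal)
PROTO_UDP, PROTO_ESP = 17, 50

def classify(ip_packet: bytes) -> str:
    """Classify one raw IPv4 packet captured on the L2TP client's WAN side."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return "other"
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20:
        return "other"
    if ip_packet[9] == PROTO_ESP:
        return "esp"
    frag_offset = struct.unpack_from("!H", ip_packet, 6)[0] & 0x1FFF
    # Only a first fragment carries the UDP header with the port numbers.
    if ip_packet[9] != PROTO_UDP or frag_offset or len(ip_packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack_from("!HH", ip_packet, ihl)
    if NAT_T_PORT in (sport, dport):
        return "ipsec-nat-t"
    if L2TP_PORT in (sport, dport):
        return "cleartext-l2tp"
    return "other"

def cleartext_l2tp(packets):
    """Return indexes of packets that expose L2TP without IPsec."""
    return [i for i, p in enumerate(packets) if classify(p) == "cleartext-l2tp"]

# --- Constructed sample packets (checksums left at zero, addresses from RFC 5737) ---
def _ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.1"):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def _udp(sport, dport, data=b"\x00" * 8):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

HEALTHY = [_ipv4(PROTO_ESP, b"\x00" * 16), _ipv4(PROTO_UDP, _udp(4500, 4500))]
AFTER_REBOOT = [_ipv4(PROTO_UDP, _udp(1701, 1701)), _ipv4(PROTO_UDP, _udp(53000, 53))]

if __name__ == "__main__":
    for name, capture in (("healthy", HEALTHY), ("after reboot", AFTER_REBOOT)):
        hits = cleartext_l2tp(capture)
        print(f"{name}: {'cleartext L2TP at ' + str(hits) if hits else 'no cleartext L2TP'}")
```

Running the check against a capture taken after each reboot of an affected device confirms whether the tunnel came back up with IPsec or fell back to cleartext.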