PT-2025-6403 · Mikrotik · Routeros+1

Deauther890 · Published 2024-11-27 · Updated 2026-03-10 · CVE-2024-54772

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions
MikroTik RouterOS versions 6.43 through 7.16.1

Description
A discrepancy in response times between connection attempts made with a valid username and those with an invalid username in the Winbox service allows attackers to enumerate valid accounts.

Recommendations
For versions 6.43 through 7.16.1, consider disabling the Winbox service until a patch is available to prevent attackers from enumerating valid accounts. Restrict access to the Winbox service to minimize the risk of exploitation. Avoid using the Winbox service for authentication until the issue is resolved.

Related Identifiers

BDU:2025-16197
CVE-2024-54772

Affected Products

Mikrotik Routeros
Routeros