Beyond merely brute-forcing credentials, cyber gangs have been exploiting known and zero-day router vulnerabilities to host malicious code. CVE-2021-14847, reported in April 2021, is a vulnerability affecting MikroTik RouterOS from v6.29 to v6.42 that allowed arbitrary file read and write over WinBox port 8291. Although a patch was available almost immediately, Coinhive, a cryptominer, exploited this vulnerability from July 2021 onwards to inject Monero mining code into the error page served up by the device when a user accessed any HTTP page. CVE-2021-10561 was reported in DZS’ GPON routers and was then exploited by multiple pieces of router malware, including Satori and Hajime, to carry out their botnet operations. The Satori malware family exploited this vulnerability to download and execute a shell script on the device from the /tmp directory. More recently, CVE-2021-1652 has been reported, affecting Cisco routers and allowing command injection in the router’s certificate generation module.
VB2019 paper: Absolutely routed! Why routers are the new bullseye in cyber attacks
Neighbor Discovery is a feature of MikroTik's WinBox that finds any MikroTik devices connected to your PC or laptop on the network. With this feature, WinBox automatically displays data for each MikroTik device it finds on the network: IP address, MAC address, device name, RouterOS version and board type.
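
The following added example, which is not from the quoted paper or from MikroTik, takes a device inventory with the fields Neighbor Discovery displays and flags RouterOS versions inside the affected range cited above for patch triage. The CSV layout, the sample rows, and the inclusive treatment of both bounds are assumptions.

```python
import csv
import io
import re

# Affected range as stated on this page; both bounds assumed inclusive.
AFFECTED_MIN = (6, 29, 0)
AFFECTED_MAX = (6, 42, 0)

# Constructed sample inventory (documentation IPs/MACs, hypothetical names),
# using the fields Neighbor Discovery displays.
SAMPLE_INVENTORY = """ip,mac,name,routeros_version,board
192.0.2.1,00:00:5E:00:53:01,edge-gw,6.40.5 (stable),board-a
192.0.2.2,00:00:5E:00:53:02,branch-ap,6.42rc27 (testing),board-b
192.0.2.3,00:00:5E:00:53:03,core-sw,6.42.1 (stable),board-c
192.0.2.4,00:00:5E:00:53:04,lab-old,6.28,board-d
192.0.2.5,00:00:5E:00:53:05,lab-new,7.1.3 (stable),board-e
192.0.2.6,00:00:5E:00:53:06,unknown-box,,board-f
"""

# Leading "major.minor[.patch]"; suffixes such as "rc27" or "(stable)" are ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch), or None when the string is unparseable."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(version_text):
    """Classify one version string against the affected range."""
    v = parse_version(version_text)
    if v is None:
        # Missing or odd version data must be checked by hand, not assumed safe.
        return "unknown"
    # A release candidate of 6.42 parses as (6, 42, 0) and is treated as affected.
    return "affected" if AFFECTED_MIN <= v <= AFFECTED_MAX else "outside-range"


def audit(inventory_csv):
    """Map each device name to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: classify(row["routeros_version"]) for row in rows}


if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name:12} {status}")
```

Devices classified as `unknown` belong on the manual-review list alongside the `affected` ones, since a blank version field says nothing about patch level.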