Thought this was interesting… given the number of exploits already found, I have no doubt that this kind of bounty will turn up more that will be sold to governments and criminals and used against MikroTik networks. Unless there’s an unpatched kernel bug, the safest way to protect yourself from unknown exploits is to make sure no services are reachable from the WAN (this includes VPN / tunnel endpoints).
https://twitter.com/Zerodium/status/1090950214121222144
Maybe it’s time for MikroTik to start a bug bounty program?
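One way to check the "no services reachable from the WAN" advice above against a RouterOS `/export`, as an added example that is not part of the original post: it walks the `chain=input` filter rules in order and reports which management ports a new connection from the WAN interface would reach. The interface names (`ether1` as WAN, `bridge` as LAN), both export excerpts and the simplified rule model (TCP management ports only, no negated matchers or line continuations, VPN/tunnel endpoints not covered) are assumptions.

```python
import shlex
# Default TCP ports of common RouterOS management services.
MGMT_PORTS = {"ftp": 21, "ssh": 22, "telnet": 23, "www": 80, "api": 8728, "winbox": 8291}
MODELLED = {"chain", "action", "comment", "in-interface", "protocol", "dst-port", "connection-state"}

def parse_input_rules(export_text):
    """Collect chain=input rules from the '/ip firewall filter' section, in order."""
    rules, in_section = [], False
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            rule = dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)
            if rule.get("chain") == "input":
                rules.append(rule)
    return rules

def matches(rule, iface, port):
    """Would a new TCP connection arriving on iface for port hit this rule?"""
    ranges = [p.partition("-") for p in rule.get("dst-port", str(port)).split(",")]
    if not any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges):
        return False
    if rule.get("in-interface", iface) != iface or rule.get("protocol", "tcp") != "tcp":
        return False
    if "new" not in rule.get("connection-state", "new").split(","):
        return False
    # Unmodelled matchers (src-address, ...): worst case, an accept applies, a drop does not.
    return not (set(rule) - MODELLED) or rule.get("action", "accept") == "accept"

def exposed_services(export_text, wan_iface):
    """Management services a new connection from the WAN side can reach."""
    rules, exposed = parse_input_rules(export_text), {}
    for name, port in MGMT_PORTS.items():
        # First terminal rule that matches decides; RouterOS accepts if none does.
        hit = next((r for r in rules if r.get("action", "accept") in
                    ("accept", "drop", "reject", "tarpit") and matches(r, wan_iface, port)), None)
        if hit is None or hit.get("action", "accept") == "accept":
            exposed[name] = port
    return exposed

# Constructed export excerpts (not from the post); ether1 is assumed to be the WAN port.
WEAK = """/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=8291 protocol=tcp
add action=drop chain=input dst-port=21-23 in-interface=ether1 protocol=tcp"""
HARDENED = """/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input in-interface=bridge
add action=drop chain=input"""
```

The weak rule set blocks only ports 21-23 on the WAN side, so everything else falls through to the implicit accept; the hardened one ends the input chain with an unconditional drop.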