Exploits are everywhere in IT, including Cisco. So yes, there is/was big vulnerability, misused massively. It is already fixed for several months and you can read more on forum or shortly summarized on blog: https://blog.mikrotik.com/
There are many topics all around. I am really surprised you were able to miss them 
I really cant point one specific topic because there are bits and pieces in many and i already lost track of them. Main topic is http://forum.mikrotik.com/t/advisory-vulnerability-exploiting-the-winbox-port-solved/118771/1
make sure to disconnect your device from any non-trusted network before you start proceeding. Safest method will be always Netinstall as it completely wipe the storage and config so nothing can survive, however, I strongly recommend you to read more about different ways to clean your device.