Details are not scarce, they are not existing.
That routers with credentials admin/blank (or admin/admin and similar) can be easily accessed (or bruteforced for simple, common passwords) is not “news”, and the referenced CVE (from 2023) is founded on the same basic issue, from its description:
https://nvd.nist.gov/vuln/detail/CVE-2023-30799
Description
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and > authenticated > attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
(highlighting is mine)
Whilst the privilege escalation was (is) only possible on 6.49.7 and earlier, the problem with user “admin” and no or easily guessable password remains if users does not change.
The good Mikrotik guys started replacing admin/blank with admin/ to “force” users to better protect users setups, but nothing can be done for older devices and we have reports of routers compromised within seconds/minutes from being connected to the internet “accidentally” when not in a more secure login state, last example (jFYI):
http://forum.mikrotik.com/t/device-got-hacked-1-min-after-connected-to-internet/178933/1