Hi,
Mikrotik is affected by this: CVE-2023-52424
Or not?
Everyone is affected.
But, the vulnerability requires that the attacker knows the PSK (pre-shared key).
The solution? Use enterprise authentication with certificate verification.
When everyone starts using enterprise authentication with certificate authentication, some idiot will say, “Aha! But what if the attacker has the private certificate of the server? Then they can perform a man in the middle attack! Woohoo I’m so smart! Here comes a new CVE affecting all routers on the planet! Free publicity please!”
It’d be like creating a CVE stating that every OS in existence is vulnerable if someone has your password. Then someone says “use MFA.” Then someone creates a CVE stating that they found a security vulnerability if someone has your MFA.