security assessment

hey

What is your security risk assessment if I have an open port 8291 (default WinBox) to WAN?
The only security enabled is an IP whitelist.

is it a wide open door or ??

Ask yourself a simple question, can WAN IPs be spoofed?

It depends on who would try. Your ISP (through which you route all traffic) can use any fake address and your router won’t be able to tell the difference. Some random guy on the internet most likely can’t, spoofed packets are usually filtered. And even if not, it’s one thing to send e.g. a spoofed UDP DNS query (where you need it to pass only one way) and another (much more difficult) to establish the bidirectional communication needed for TCP.

Plus if you’re an optimist, you can believe that MikroTik fixed WinBox service and there are no more holes left, and your 20+ characters long password will hold.