It does mention 6.42 in the How to get owned, how to stay clean section. And as you point out, that has bugs.
But what version should be recommended? https://www.cvedetails.com/vulnerability-list/vendor_id-12508/product_id-23641/year-2022/opov-1/Mikrotik-Routeros.html
And here is the mikrotik_cpe_match.json included with the Microsoft routeros-scanner on gihhub (it looks like 6.48.3 was still vulnerable to CVE-2020-20231, is it fixed after that?)
{
"CVE-2020-20219": [
{
"exact": "6.44.6"
}
],
"CVE-2015-2350": [
{
"end_including": "5.0"
}
],
"CVE-2012-6050": [
{
"exact": "5.15"
}
],
"CVE-2020-20262": [
{
"end_excluding": "6.47"
}
],
"CVE-2020-20215": [
{
"exact": "6.44.6"
}
],
"CVE-2020-20254": [
{
"end_excluding": "6.47"
}
],
"CVE-2018-1157": [
{
"end_excluding": "6.40.9"
},
{
"end_excluding": "6.42.7"
}
],
"CVE-2018-1156": [
{
"end_excluding": "6.40.9"
},
{
"end_excluding": "6.42.7"
}
],
"CVE-2020-20214": [
{
"exact": "6.44.6"
}
],
"CVE-2020-20222": [
{
"exact": "6.44.6"
}
],
"CVE-2020-20218": [
{
"exact": "6.44.6"
}
],
"CVE-2020-20213": [
{
"exact": "6.44.5"
}
],
"CVE-2020-20252": [
{
"end_excluding": "6.47"
}
],
"CVE-2020-22845": [
{
"exact": "6.47"
}
],
"CVE-2017-6297": [
{
"exact": "6.37.4"
},
{
"exact": "6.83.3"
}
],
"CVE-2019-3977": [
{
"end_including": "6.44.5"
},
{
"end_including": "6.45.6"
}
],
"CVE-2020-20248": [
{
"exact": "6.47"
}
],
"CVE-2020-20225": [
{
"end_excluding": "6.47"
}
],
"CVE-2020-20264": [
{
"end_excluding": "6.47"
}
],
"CVE-2017-8338": [
{
"exact": "6.38.5"
}
],
"CVE-2020-20265": [
{
"end_excluding": "6.47"
}
],
"CVE-2008-6976": [
{
"start_including": "2.0",
"end_including": "2.9.51"
},
{
"start_including": "3.0",
"end_including": "3.13"
}
],
"CVE-2020-20249": [
{
"end_excluding": "6.47"
}
],
"CVE-2019-3976": [
{
"end_including": "6.45.6"
},
{
"end_including": "6.44.5"
}
],
"CVE-2020-22844": [
{
"exact": "6.47"
}
],
"CVE-2020-20253": [
{
"end_excluding": "6.47"
}
],
"CVE-2020-20212": [
{
"exact": "6.44.5"
}
],
"CVE-2020-20245": [
{
"exact": "6.46.3"
}
],
"CVE-2020-20250": [
{
"end_excluding": "6.47"
}
],
"CVE-2019-16160": [
{
"end_excluding": "6.45.5"
}
],
"CVE-2020-20211": [
{
"exact": "6.44.5"
}
],
"CVE-2020-20246": [
{
"exact": "6.46.3"
}
],
"CVE-2020-20231": [
{
"start_including": "6.44.6",
"end_including": "6.48.3"
}
],
"CVE-2020-20266": [
{
"end_excluding": "6.47"
}
],
"CVE-2019-3979": [
{
"end_including": "6.44.5"
},
{
"end_including": "6.45.6"
}
],
"CVE-2020-20227": [
{
"exact": "6.47"
}
],
"CVE-2019-3943": [
{
"end_including": "6.42.12"
},
{
"end_including": "6.43.12"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.41"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.42"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.43"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
},
{
"exact": "6.44"
}
],
"CVE-2019-3978": [
{
"end_including": "6.44.5"
},
{
"end_including": "6.45.6"
}
],
"CVE-2019-3981": [
{
"end_excluding": "6.43"
},
{
"end_excluding": "3.20"
}
],
"CVE-2020-20267": [
{
"end_excluding": "6.47"
}
],
"CVE-2019-15055": [
{
"start_including": "6.45",
"end_including": "6.45.3"
},
{
"end_including": "6.44.5"
}
],
"CVE-2020-20230": [
{
"end_excluding": "6.47"
}
],
"CVE-2020-20247": [
{
"end_excluding": "6.46.5"
}
],
"CVE-2020-20237": [
{
"exact": "6.46.3"
}
],
"CVE-2018-1159": [
{
"end_excluding": "6.40.9"
},
{
"end_excluding": "6.42.7"
}
],
"CVE-2020-11881": [
{
"start_including": "6.41.3",
"end_including": "6.46.5"
},
{
"exact": "7.0"
},
{
"exact": "7.0"
},
{
"exact": "7.0"
}
],
"CVE-2020-20221": [
{
"end_excluding": "6.44.6"
}
],
"CVE-2018-14847": [
{
"end_including": "6.42"
}
],
"CVE-2019-13954": [
{
"exact": "6.45"
},
{
"end_excluding": "6.44.5"
}
],
"CVE-2019-3924": [
{
"end_excluding": "6.42.12"
},
{
"end_excluding": "6.43.12"
}
],
"CVE-2018-7445": [
{
"end_excluding": "6.41.3"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
},
{
"exact": "6.4.2"
}
],
"CVE-2020-20217": [
{
"end_excluding": "6.47"
}
],
"CVE-2017-7285": [
{
"exact": "6.38.5"
}
],
"CVE-2020-20216": [
{
"exact": "6.44.6"
}
],
"CVE-2019-13955": [
{
"end_excluding": "6.44.5"
},
{
"exact": "6.45"
}
],
"CVE-2020-20220": [
{
"end_excluding": "6.47"
}
],
"CVE-2018-1158": [
{
"end_excluding": "6.40.9"
},
{
"end_excluding": "6.42.7"
}
],
"CVE-2021-27221": [
{
"exact": "6.47.9"
}
],
"CVE-2020-20236": [
{
"exact": "6.46.3"
}
]
}