Just a side note - it is way too easy to create those CVE-2018-xxxx entries.. Anyone stubborn enough can do it, even without any actual knowledge of the subject, i think this should be restricted to companies only, for example MikroTik should do it itself.
Are you suggesting that this CVE report might be inaccurate or lacking validity?
Perhaps you can share with us how the issue described on that CVE is actually not an issue and the reporting entity was not accurate on the description.
As almost anybody could create a CVE, also almost anybody can step in and prove that is non-important or incorrect, you are welcomed to do so.
In the meantime, I would definitely suggest MIkrotik investigate, as this sounds like an important vulnerability.
And I would also suggest everyone using OpenVPN functionality on RouterOS following up.
We are not talking about a NAT issue, or a High-CPU usage by some process, but a security vulnerability instead, and one the main functions of RouterOS is "Firewalling", so this CVE sounds like something very important, way more than WiFi improvements, Winbox GUI changes, etc.