we done a netinstall on a router after we dicovery some hidden script. There is no script on the system-> script lists, but we found some execution in Jobs section.
After netinstall, I enforced the firewall rules, and blocked also winbox in input and output chain (previous winbox was only blocked by IP filter on ip->services) and all ports are blocked, excepts winbox and other ports but only from our office IP, both in input and output filter chains.
But tomorrow I found already the hidden scripts execution:
So, i wondering if there is some zero day exploit that install the scripts bypassing the firewall rules, and how can I clean the router? This is a remote router, and is very difficult to do a 2nd netinstall in less that one week.