 
blackmetal
Member Candidate
Topic Author
Posts: 227
Joined: Mon Aug 16, 2010 9:01 am

question about CVE-2019-3978, CVE-2019-3979

Thu Oct 31, 2019 5:49 pm

Hello,
If I permit port 8291 (Winbox port) from trusted IPs, am I protected from CVE-2019-3978, CVE-2019-3979?
Those trusted IPs are not attackers; they are my own IPs.
Thanks
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: question about CVE-2019-3978, CVE-2019-3979

Thu Oct 31, 2019 10:11 pm

In general, do not leave port 8291 open to any public IP... Use a VPN to access your devices and allow access to 8291 only from your VPN interface...

But in case you do not want to use a VPN, then allow access to your device from your public IPs but also use the port knocking technique...

The safest thing you can do is to disable Winbox and only use SSH to access your devices...
 
blackmetal
Member Candidate
Topic Author
Posts: 227
Joined: Mon Aug 16, 2010 9:01 am

Re: question about CVE-2019-3978, CVE-2019-3979

Fri Nov 01, 2019 8:29 am

Hi,
but my question is something else.
My Winbox port has an IP restriction and I have a firewall rule that drops all traffic from any IPs (except trusted IPs) towards my input chain.
So with this in place, am I safe from CVE-2019-3978, CVE-2019-3979?
Because as far as I know, the attacker makes the query by sending it to the Winbox port, and if it is closed and firewalled, the attacker cannot do anything, right?
 
normis
MikroTik Support
Posts: 26385
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: question about CVE-2019-3978, CVE-2019-3979

Fri Nov 01, 2019 8:51 am

If only trusted IPs can access Winbox, surely you are safe. I don't understand the question. Do you think your trusted PC will suddenly attack the router? Probably not :)
 
blackmetal
Member Candidate
Topic Author
Posts: 227
Joined: Mon Aug 16, 2010 9:01 am

Re: question about CVE-2019-3978, CVE-2019-3979

Fri Nov 01, 2019 8:54 am

OK Normis,
this is what I wanted to hear! I wanted to make sure that I am protected from those CVEs while my Winbox is firewalled.
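
Added example (not part of the original thread): a Python check of the setup discussed above, Winbox on TCP 8291 accepted only from trusted addresses with everything else dropped on the input chain. It evaluates a RouterOS-style filter export first-match for a new connection; the export text, the list name `trusted` and the documentation addresses are constructed, and only the matchers shown are modelled.

```python
import ipaddress
import shlex

# Constructed sample export (not from the thread); 192.0.2.0/24 and
# 198.51.100.7 are documentation addresses standing in for "trusted IPs".
SAMPLE_EXPORT = """\
/ip firewall address-list
add list=trusted address=192.0.2.0/24
add list=trusted address=198.51.100.7
/ip firewall filter
add chain=input connection-state=established,related action=accept
add chain=input protocol=tcp dst-port=8291 src-address-list=trusted action=accept
add chain=forward action=accept
add chain=input action=drop
"""

def parse_export(text):
    """Return (address_lists, filter_rules) from a simplified export."""
    lists, rules, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            kv = dict(tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            if section == "/ip firewall address-list":
                lists.setdefault(kv["list"], []).append(ipaddress.ip_network(kv["address"], strict=False))
            elif section == "/ip firewall filter" and kv.get("disabled") != "yes":
                rules.append(kv)
    return lists, rules

def winbox_verdict(text, src_ip, port=8291):
    """First-match verdict for a NEW TCP connection from src_ip to the router."""
    lists, rules = parse_export(text)
    src = ipaddress.ip_address(src_ip)
    # Simplification: port ranges, "!" negation and other matchers are not modelled.
    for r in rules:
        if r.get("chain") != "input" or r.get("protocol", "tcp") != "tcp":
            continue
        if "connection-state" in r and "new" not in r["connection-state"].split(","):
            continue
        if "dst-port" in r and str(port) not in r["dst-port"].split(","):
            continue
        if "src-address-list" in r and not any(src in n for n in lists.get(r["src-address-list"], [])):
            continue
        if "src-address" in r and src not in ipaddress.ip_network(r["src-address"], strict=False):
            continue
        return r.get("action", "accept")
    return "accept"  # RouterOS accepts packets that match no rule
```

The last line is the case worth checking on a real export: without a final drop rule on the input chain, a source outside the trusted list still reaches port 8291.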
