We should start betting how many duplicates are gonna appear in upcoming month.
And all that because of someone showing how to hack YOUR OWN router..
This does not pose any risk. As long as you have physical access to the device, there is always some way to get in, even if it is via JTAG interface ...
On the other hand, it needs to be accepted as possible threat of second-hand devices. You will never know who operated it before you and what they did with the system... Netinstall is probably the only way.
For those who are even more paranoid, maybe even netinstall is not enough. It is a little secret but it seems there is a way to update backup routerboot: https://wiki.mikrotik.com/wiki/Manual:R ... bootloader
backup bootloader was always presented as read-only part of the device which cannot be possibly infected. However since there is this "special" package, we may assume that it is possible to rewrite it, therefore it is likely not on true read-only memory... What that means, together with root access is obvious - devices may be potentially infected so deep that even netinstall will be unable to wipe it.
(anyone is welcome to find a hole in my line of thoughts... Maybe it is safe after all and I just made some wrong assumption. All I am asking is an factual argument)