I am founding a lot of CPE (SXT) that has 100% cpu, and i found web proxy enabled in port 41258 anonymous.

Is there a kind of hack attack that can activate that?

Thanks.

What version of ROS are you running on the SXT's? That will determine the answer to your question as there are older versions with vulnerabilities known to them.

6.41.3 and 6.42.1

6.41.3 is able to leak passwords on WinBox port:

viewtopic.php?f=21&t=133533

Update to 6.42.5 and changed passwords and today hacked. Is there a solution?

Don't expose the mgmt interface to the internet? If you have to: use additional security features like port knocking and vpn.

Have you checked your entire configuration for remaining malware? E.g. scheduler and scripts?

You should format and netinstall after being compromised. Winbox access can supposedly be escalated to shell access, where all kinds of malware could be lurking with no way to detect.

Hello guys,
Please, i'm having a similar issue with MikroTik RouterBOARD RB951Ui 2nD. After few days of installation with passwords, I can't log in in again with the password I used. I also notice that the identity changed to "HACKED". Please, what might be the cause?