I wanted to see if anyone had compiled the affects of the winbox vulnerability found in versions 6.29 - 6.42.

I am cleaning up some of the affects and am hoping that other have collected changes in there equipment so I can compare against what I am finding to see if I have found everything.

I have just noticed that it apears to have created interface lists that I'm guessing would be used to start collecting or forwarding information.

I have been collecting changes in my configuration that I have found to hopefully help others resolve any issues they are having, however I'm not sure it is best to post them all on the forums to prevent workarounds for what I have found.

Anyone have any records of what was changed when they were affected by this?

The vulnerability allows someone full admin access to the router, so they could change anything and everything. Mikrotik seem to suggest that winbox can even be elevated to shell access, in which case undetectable backdoors could be installed. The safest way to restore a router is export the config, manually check it, netinstall then import the clean config.