I have a Mikrotik CCR 1036. I am running non-default ports for Winbox. I am running 6.46.8 Long term.
This morning, I attempted to log in, and found that no password I have was valid. We then tried the default password of admin with no password, and got in.
The issue is that the router is completely operational and the entire config is up and valid. All my systems are online. Just the credential storage was reset. Apparently it was like this for 2 days. However, there are no log entries that show that the default credentials were used, and the config appears valid.
This unit is mission critical for me. I am aware of CVE-2019-15055. However, there was no physical access, and no login attempts. We have a syslog server that is beyond anyone's ability to tamper with, and we pretty much log every single event and decision the firewall makes. We did see an unusual pattern of 3 IP addresses trying to brute force our legacy PPTP service in the same time frame, but they did not get in. We did block those addresses.
I was not aware of a method to clear the credential storage without also resetting the unit, which we would have noticed. I do have alternate CCRs. So what I am trying to decide is whether I just reset the credential storage, or replace this unit. Comments?