Security researchers from various organizations have been working to analyze and exploit the vulnerability. According to public disclosures, the vulnerability was cracked using a combination of techniques, including:

MikroTik RouterOS Authentication Bypass: Vulnerabilities and Defense

If you manage a MikroTik router, . Assume that any device exposed to the internet with an old version of RouterOS is already compromised. Isolate, patch, and audit your logs for unexpected session times.

There is confusion in forums about what "cracked" means. No, attackers have not cracked the AES-256 encryption of RouterOS. However, they have cracked the logic flaw in the authentication sequence.