Mikrotik's hardware is nice, but I would never put their stuff on the WAN. They've had vulnerabilities before just like most other consumer router providers. https://www.bleepingcomputer.com/news/security/hundreds-of-t...

As usual those exploits require the management interface to be open to the internet. Which you should never do to begin with on any router, and it isn't setup that way by default. Mikrotik is fine to have on WAN if you don't purposely make it insecure. Even Cisco has had similar vulnerabilities when you configure them in such a wrong way.

And yet people still do it, hence the botnets...

Yes, but my point is that there is nothing unique to Mikrotik here that makes using them on WAN a bad idea. Configure an Ubiquiti, Cisco, Aruba, Palo Alto, PfSense, etc in the same way and you're inviting trouble.

MikroTik is definitely very nice (I'm running my home network with them ~7 devices). Too bad it's not open-source like OpenWRT is :-/

I like MT but it being closed source always irked me for such a critical device: wonder how many Ghosts in the Shell lurk in there...

I'm actually not that worried about them secretly doing something malicious (although that's also a valid concern) but rather in the "given enough eyeballs, all bugs are shallow" and the general risk factors (MikroTik going bankrupt and we're left with obsolete bug-ridden hardware).

Sadly given the large amount of software that's closed source there I don't see them working towards open sourcing any of it as, even technically, it would be a massive effort.

Agreed, even if it was not their intent it being closed source is malicious itself - we need to promote this discourse in public conciousness so people are less afraid to question the unaudited, outsourced binary blobs that fill their day to day lives.