By sending more data than a specific service can handle, attackers can crash the service or force the router to execute malicious code that grants open access.
Once authenticated (bypass), an attacker can read arbitrary files using a WinBox file request: mikrotik routeros authentication bypass vulnerability