Winbox (MikroTik)

Critical Risk

TCP — Remote Access

Port Overview

Port Number 8291

Service Name Winbox (MikroTik)

Transport Protocol TCP

Category Remote Access

Security Risk Critical

Port Range Registered (1024-49151)

What is Port 8291?

Port 8291 is used by MikroTik's proprietary Winbox management protocol for configuring RouterOS-based routers and switches. The Winbox desktop application connects to this port to provide a GUI for network device management. Multiple critical vulnerabilities have been discovered in the Winbox protocol, including CVE-2018-14847 (Chimay Red) which allowed credential extraction without authentication.

TCP Remote Access Commonly Used

Security Considerations

Port 8291 (Winbox (MikroTik)) is classified as critical risk. This port should not be exposed to the public internet. The service transmits data without encryption, making it vulnerable to eavesdropping, credential theft, and man-in-the-middle attacks.

Recommendation: Block this port at the firewall. Use encrypted alternatives (SSH, SFTP, HTTPS) instead.

Related Ports — Remote Access

22 SSH 23 Telnet 89 SU/MIT Telnet Gateway 95 SUPDUP 107 Remote Telnet 177 XDMCP 259 ESRO 311 macOS Server Admin