Over the last 15 years, Software-Defined Networking (SDN) has gained widespread support from both research communities and the industry owing to its open nature and programmability. This paradigm empowers stakeholders, including researchers, practitioners, and developers, to craft innovative networking services using robust APIs and a global network view, free from reliance on vendor-dependent control planes. However, the flexible architecture of SDN has introduced a plethora of security challenges absent in traditional network environments. While many surveys have presented existing attacks, there has been a lack of systematization of attacks from a penetration perspective, which is crucial for understanding attacks and their root causes. This paper aims to analyze previous literature that has disclosed attack cases in SDN, scrutinizing their vulnerabilities, penetration routes, and root causes. Additionally, we provide an in-depth and comprehensive discussion of the underlying problems associated with these attacks and present defenses proposed by researchers to mitigate them, analyzing how the root causes are remedied. Through this study, we aim to illuminate existing security issues within the current SDN architecture, prompting a reevaluation of various security problems and providing a future research guideline for SDN security.