CVE-2023-30800
HIGH EPSS 74.4%
Published Sep 7, 2023 (2y ago) · Modified Jun 17, 2026 (2w ago)
7.5 CVSS 3.1
Description
The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
CVSS Details
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Threat Intelligence
EPSS Exploit Probability
74.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-787: Out-of-bounds Write (Memory Safety)
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| mikrotik | routeros | * | ≥6.0 – <6.49.10 |
References 1
- vulncheck.com https://vulncheck.com/advisories/mikrotik-jsproxy-dos
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.