CVE-2023-30799 CRITICAL

CVE-2023-30799: MikroTik RouterOS Administrator Privilege Escalation

Vendor MikroTik
Product RouterOS
Weakness CWE-269
Published July 19, 2023
Last update November 21, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.

Key dates

02 Disclosure timeline

July 19, 2023 CVE published
November 21, 2025 Record updated