CVE-2023-30800 HIGH

CVE-2023-30800: MikroTik RouterOS Web Interface Heap Corruption

Vendor Mikrotik
Product RouterOS
Weakness CWE-787
Published September 7, 2023
Last update November 21, 2025
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.

Key dates

02Disclosure timeline

September 7, 2023 CVE published
November 21, 2025 Record updated