CVE-2023-30800 - Out-of-bounds Write vulnerability in MikroTik RouterOS

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
network
low complexity
mikrotik
CWE-787

Summary

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.

Vulnerable Configurations

Part | Description | Count
OS | Mikrotik | 156

Common Weakness Enumeration (CWE)