CVE-2023-30799
MikroTik RouterOS Administrator Privilege Escalation
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
MikroTik · RouterOS
Public PoCs found: 2
github.com/alzeer711/MikroTik-RouterOS-6.49.18-Exploit-Kit (source: github, ★ 1)
github.com/MarginResearch/FOISted (source: cve_reference, unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.