PT-2023-3875 · Mikrotik · Mikrotik Routeros

Published: 2023-07-19 · Updated: 2026-03-10 · CVE-2023-30799

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MikroTik RouterOS versions prior to 6.49.7; MikroTik RouterOS long-term versions prior to 6.48.7.

Description: The vulnerability is a privilege escalation flaw in the Winbox and HTTP interfaces of MikroTik RouterOS. A remote, authenticated attacker who already holds an admin account can use it to escalate to super-admin, which allows execution of arbitrary code on the device. An estimated 500,000 or more systems are exposed to potential exploitation. The vulnerability has been exploited in real-world incidents, including the spread of malware and spam campaigns relayed through a SOCKS proxy on compromised routers.

Recommendations: For MikroTik RouterOS versions prior to 6.49.7, upgrade to RouterOS 6.49.8 or 7.x as soon as possible. For MikroTik RouterOS long-term versions prior to 6.48.7, apply the latest patch and block unnecessary ports to minimize the risk of exploitation. As a temporary workaround, restrict access to the Winbox and HTTP interfaces until the patch is applied. Apply Attack Surface Management (ASM) to reduce the risk of exploitation.
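The following RouterOS commands show one way to apply the temporary workaround above, restricting the Winbox (TCP 8291) and HTTP (TCP 80) interfaces to a management subnet, and how to confirm the installed version before and after patching. This is an added example written for this page, not configuration from the advisory or from MikroTik; the management subnet 192.168.88.0/24, the address-list name "mgmt" and the rule comments are constructed placeholders to replace with your own values.

```routeros
# Added example (not from the advisory): limit who can reach Winbox and HTTP
# while the upgrade to 6.49.8 / 7.x is scheduled. Adjust 192.168.88.0/24 to
# your real management subnet before running this.

# 1. Restrict the services themselves to the management subnet. The
#    "address" field on /ip service accepts one or more CIDR ranges.
/ip service set winbox address=192.168.88.0/24
/ip service set www address=192.168.88.0/24

# 2. Defence in depth: also enforce the restriction in the input chain.
#    Firewall rules are evaluated top-down, so the accept rule must come
#    before the drop rule.
/ip firewall address-list add list=mgmt address=192.168.88.0/24 comment="management subnet (placeholder)"
/ip firewall filter add chain=input protocol=tcp dst-port=8291,80 src-address-list=mgmt action=accept comment="allow Winbox/HTTP from mgmt only"
/ip firewall filter add chain=input protocol=tcp dst-port=8291,80 action=drop comment="drop Winbox/HTTP from everywhere else"

# 3. Verify the resulting rules and service bindings.
/ip firewall filter print
/ip service print

# 4. Record the running version so you can confirm the fix is applied
#    (affected: < 6.49.7, long-term < 6.48.7).
/system resource print
```

Run the commands from a console session on the management subnet itself, otherwise the drop rule will cut off the session you are typing into. The /ip service restriction alone already stops connections from outside the subnet; the firewall rules are kept as a second, independently auditable control so that a later change to the service settings does not silently re-expose the interfaces.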

Exploit · Fix · LPE

Weakness Enumeration: Improper Privilege Management

Related Identifiers: BDU:2023-04167, CVE-2023-30799

Affected Products: Mikrotik Routeros