CVE-2023-30800

HIGH

MikroTik RouterOS 6.0-6.49.9 - Unauthenticated Denial of Service via HTTP Request

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-30800. PoCs published by diemaxxing, griffinsectio.

AI-analyzed exploit summary This is a multithreaded Python script designed to exploit CVE-2023-30800, a DoS vulnerability in Mikrotik RouterOS Web servers. It sends malformed POST requests to the '/jsproxy' endpoint with binary data to trigger the vulnerability.

Description

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.

Exploits (3)

nomisec WORKING POC 1 stars

by diemaxxing · poc

https://github.com/diemaxxing/cve-2023-30800-multithread-doser

View Code ZIP pw:eip

This is a multithreaded Python script designed to exploit CVE-2023-30800, a DoS vulnerability in Mikrotik RouterOS Web servers. It sends malformed POST requests to the '/jsproxy' endpoint with binary data to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Mikrotik RouterOS Web server

No auth needed

Prerequisites: Python 3.6+ · requests library · network access to target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by griffinsectio · poc

https://github.com/griffinsectio/CVE-2023-30800_PoC_go

View Code ZIP pw:eip

This Go-based PoC exploits CVE-2023-30800 by sending a malformed hex-encoded payload to a vulnerable endpoint. The exploit targets a DoS vulnerability in the target software by continuously sending the payload.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Unknown (likely a network service with a vulnerable 'jsproxy' endpoint)

No auth needed

Prerequisites: Network access to the target's 'jsproxy' endpoint

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by griffinsectio · poc

https://github.com/griffinsectio/CVE-2023-30800_PoC

View Code ZIP pw:eip

This PoC exploits CVE-2023-30800 by sending a malformed payload to the '/jsproxy' endpoint, causing a denial-of-service (DoS) condition. The exploit continuously sends the payload until the target crashes or becomes unresponsive.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Unknown (likely a web server or proxy service vulnerable to CVE-2023-30800)

No auth needed

Prerequisites: Network access to the target's '/jsproxy' endpoint

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://vulncheck.com/advisories/mikrotik-jsproxy-dos

Scores

CVSS v3 7.5

EPSS 0.0170

EPSS Percentile 74.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (1)

mikrotik/routeros 6.0 - 6.49.10

Published Sep 07, 2023

Tracked Since Feb 18, 2026