PT-2022-3504 · Roxy-Wi · Roxy-Wi
Aidaho12 +1 · Published 2022-07-06 · Updated 2022-07-14 · CVE-2022-31126
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Roxy-wi versions prior to 6.1.1.0
Description
A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to execute arbitrary code by sending a specially crafted HTTP request to the "/app/options.py" file. The issue stems from incorrect neutralization of special elements in output.
Recommendations
Users of Roxy-wi versions prior to 6.1.1.0 are advised to upgrade to a version that contains the fix for this issue. There are no known workarounds for this issue other than upgrading; as a temporary measure until the patch is applied, consider restricting access to the "/app/options.py" file.
Exploit
Fix
Special Elements Injection
Affected Products
Roxy-Wi