PT-2023-1983 · Roxy-Wi · Roxy-Wi

Sim4N6 · Published 2023-03-13 · Updated 2023-03-22 · CVE-2023-25802

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Roxy-WI versions prior to 6.3.6.0

Description: The issue is related to the Roxy-WI web interface for managing servers, which fails to correctly neutralize dir/../filename sequences. This allows an actor to gain information about a server. For example, sequences like /etc/nginx/../passwd can be used to access sensitive information. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: For versions prior to 6.3.6.0, update to version 6.3.6.0, which includes a patch for this issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation. Avoid using sequences like dir/../filename in the affected web interface until the issue is resolved.
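The weakness described above is lexical: a path such as /etc/nginx/../passwd is accepted because the ".." segment is never collapsed before the file is opened. The check below is an added illustration of how a web interface can confine user-supplied paths to one base directory; it is not Roxy-WI's code and does not reflect the project's actual fix. The base directory /etc/nginx, the sample requests and the helper names are assumptions chosen for the example.

```python
import posixpath
from urllib.parse import unquote

# Assumption for this example: the only directory the interface may serve from.
ALLOWED_BASE = "/etc/nginx"


def is_within_base(requested: str, base: str = ALLOWED_BASE) -> bool:
    """Return True only if `requested` still lies under `base` after normalisation.

    Web requests arrive percent-encoded, so decode once before normalising;
    otherwise "%2e%2e" would slip past a check that only looks for "..".
    posixpath is used deliberately so the result does not depend on the host OS.
    """
    decoded = unquote(requested)
    base_norm = posixpath.normpath(base)
    if posixpath.isabs(decoded):
        candidate = posixpath.normpath(decoded)
    else:
        candidate = posixpath.normpath(posixpath.join(base_norm, decoded))
    # The trailing separator matters: "/etc/nginxx/x" must not match "/etc/nginx".
    return candidate == base_norm or candidate.startswith(base_norm + "/")


def audit_requests(paths):
    """Classify a batch of requested paths as allowed or rejected.

    Returns a list of (requested_path, normalised_path, allowed) tuples that a
    reviewer or a log-analysis job can inspect.
    """
    results = []
    for p in paths:
        decoded = unquote(p)
        if posixpath.isabs(decoded):
            normalised = posixpath.normpath(decoded)
        else:
            normalised = posixpath.normpath(posixpath.join(ALLOWED_BASE, decoded))
        results.append((p, normalised, is_within_base(p)))
    return results


# Constructed sample requests (not taken from any real log).
SAMPLE_REQUESTS = [
    "/etc/nginx/nginx.conf",          # plain file under the base: allowed
    "conf.d/default.conf",            # relative path under the base: allowed
    "/etc/nginx/../passwd",           # the sequence from the advisory: rejected
    "/etc/nginx/%2e%2e/passwd",       # same traversal, percent-encoded: rejected
    "../passwd",                      # relative traversal: rejected
    "/etc/nginxx/secret",             # sibling directory sharing a prefix: rejected
]

if __name__ == "__main__":
    for requested, normalised, allowed in audit_requests(SAMPLE_REQUESTS):
        verdict = "allow " if allowed else "reject"
        print(f"{verdict}  {requested!r:32} -> {normalised}")
```

This check is purely lexical and therefore cheap to run on every request; if the served tree may contain symlinks, resolve the final candidate with os.path.realpath against the real base as well, since a link inside /etc/nginx can still point outside it.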

Weakness Enumeration: Exposure of Resource to Wrong Sphere; Path traversal

Related Identifiers: BDU:2023-01606, CVE-2023-25802, GHSA-QCMP-Q5H3-784M

Affected Products: Roxy-Wi