PT-2025-2015 · Roxy-Wi · Roxy-Wi

Slash0X99 · Published 2025-01-03 · Updated 2025-01-03 · CVE-2024-13129

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Roxy-WI versions up to 8.1.3

Description: A critical issue has been found in Roxy-WI, affecting the action service function of the file app/modules/roxywi/roxy.py. Manipulation of the action/service argument leads to OS command injection. The issue can be exploited remotely. The exploit has been publicly disclosed and may be used.

Recommendations: For Roxy-WI versions up to 8.1.3, upgrade to version 8.1.4 to address this issue. As a temporary workaround, consider restricting access to the action service function until the update is applied.

Exploit · Fix · OS Command Injection · Command Injection

Weakness Enumeration

Related Identifiers: CVE-2024-13129

Affected Products: Roxy-Wi