Roxy-WI - Remote Code Execution CVE-2022-31126
- Severity
- Vulnerability description
Roxy-WI before 6.1.1.0 is susceptible to remote code execution. Input received from the user is passed to the ssh_command function in the /app/funct.py file without being processed, so system commands can be run remotely.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.
- Recommendation
Users are advised to upgrade to the latest version.
- References
- https://pentest.blog/advisory-roxy-wi-unauthenticated-remote-code-executions-cve-2022-31137/
- https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9
- https://nvd.nist.gov/vuln/detail/CVE-2022-31126
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Nuclei
- Exploitable with Sniper
- No
- CVE Published
- Not available
- Detection added at
- Software Type
- Not available
- Vendor
- Not available
- Product
- Not available