OS Command Injection Vulnerability in Roxy-WI by Roxy-WI Team
CVE-2024-13129

Currently unrated

Key Information:

Vendor: Roxy-WI Team
Vendor: CVE Published:; 3 January 2025

🔔 Create Roxy-WI Team Vulnerability Alert

What is CVE-2024-13129?

An OS command injection vulnerability has been identified in Roxy-WI versions up to 8.1.3. The issue resides in the action_service function located in the roxy.py file. Malicious manipulation of the action/service argument can be exploited for remote code execution. The security flaw poses a significant risk, as it has been publicly disclosed and may be leveraged by attackers. Users are strongly encouraged to upgrade to version 8.1.4, which contains a patch specifically addressing this vulnerability.

References

https://github.com/0xs1ash/Exploits/tree/main/CVE-EXPLOIT

https://github.com/roxy-wi/roxy-wi/pull/410

https://github.com/roxy-wi/roxy-wi/pull/410#issuecomment-...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2025