vendor:
Roxy WI
by:
Nuri Çilengir
9.8
CVSS
CRITICAL
Improper Authentication Control
287
CWE
Product Name: Roxy WI
Affected Version From: <= v6.1.0.0
Affected Version To: <= v6.1.0.0
Patch Exists: YES
Related CWE: CVE-2022-31125
CPE: a:hap-wi:roxy-wi
Platforms Tested: Ubuntu 22.04
2022
Roxy WI v6.1.0.0 – Improper Authentication Control
Roxy WI is vulnerable to unauthenticated remote code execution due to improper authentication control. An attacker can send a malicious POST request to the vulnerable application to execute arbitrary code on the server. This vulnerability affects Roxy WI versions <= v6.1.0.0.
Mitigation:
The vendor has released a patch to address this vulnerability. Users should update their Roxy WI application to the latest version.