Vulnerability Description
A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/0xs1ash/Exploits/tree/main/CVE-EXPLOIT
- https://github.com/roxy-wi/roxy-wi/pull/410
- https://github.com/roxy-wi/roxy-wi/pull/410#issuecomment-2561289700
- https://github.com/roxy-wi/roxy-wi/pull/410/commits/32313928eb9ce906887b8a30bf7b
- https://github.com/roxy-wi/roxy-wi/releases/tag/v8.1.4
- https://vuldb.com/?ctiid.290149
- https://vuldb.com/?id.290149
- https://vuldb.com/?submit.468530
FAQ
What is CVE-2024-13129?
CVE-2024-13129 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulati...
How severe is CVE-2024-13129?
CVE-2024-13129 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-13129?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.