CVE-2024-13129 | Roxy-WI up to 8.1.3 roxy.py action_service action/service os command injection

Posted by Angelo Barbosa | Jan 3, 2025 | CVE

A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection.

This vulnerability is known as CVE-2024-13129. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2024-13129 | Roxy-WI up to 8.1.3 roxy.py action_service action/service os command injection

Related Posts

CVE-2024-53145 | Linux Kernel up to 6.12.1 um integer overflow

CVE-2024-2744 | NextGEN Gallery Plugin up to 3.59.0 on WordPress Setting cross site scripting

CVE-2024-41473 | Tenda FH1201 1.2.0.14 ip/goform/WriteFacMac mac command injection

CVE-2024-7397 | Korenix JetPort 5601v3 up to 1.2 command injection