CVE-2024-13129

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 3, 2025
CWE ID 78
CWE ID 77

Summary

CVE-2024-13129 is a critical vulnerability affecting Roxy-WI versions up to 8.1.3. The function action_service in the file app/modules/roxywi/roxy.py is vulnerable to OS command injection: an attacker who manipulates the argument action/service can achieve remote code execution. The exploit for this vulnerability has been disclosed to the public, making it a significant threat. Users are strongly advised to upgrade to version 8.1.4 to mitigate the risk. The patch identifier is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be.
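The CWE-78 pattern named above, shown beside a hardened form. This is an added illustration, not Roxy-WI's code and not the upstream patch; the function names, the allowlist values and the sample input are assumptions constructed for the example.

```python
import shlex
import subprocess

# Hypothetical allowlists; the real action and service names are not given on this page.
ALLOWED_ACTIONS = frozenset({"start", "stop", "restart", "status"})
ALLOWED_SERVICES = frozenset({"example-checker", "example-metrics"})

# Constructed sample value for the "service" request argument.
SAMPLE_SERVICE = "example-checker; echo INJECTED"


def build_command_unsafe(action: str, service: str) -> str:
    """CWE-78 pattern: request values interpolated into a shell command string."""
    return f"sudo systemctl {action} {service}"


def shell_operators(command: str) -> list[str]:
    """List shell control operators in a command string (illustration, not a sanitizer)."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= set("();<>|&")]


def build_command_safe(action: str, service: str) -> list[str]:
    """Check both values against allowlists and return an argv list, never a string."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"action not allowed: {action!r}")
    if service not in ALLOWED_SERVICES:
        raise ValueError(f"service not allowed: {service!r}")
    return ["systemctl", action, f"{service}.service"]


def run_service_action(action: str, service: str) -> int:
    """Run the validated argv without a shell, so metacharacters are never interpreted."""
    argv = build_command_safe(action, service)
    return subprocess.run(argv, shell=False, check=False).returncode


if __name__ == "__main__":
    unsafe = build_command_unsafe("restart", SAMPLE_SERVICE)
    print("shell string:", unsafe)
    print("operators a shell would act on:", shell_operators(unsafe))
    try:
        build_command_safe("restart", SAMPLE_SERVICE)
    except ValueError as exc:
        print("rejected:", exc)
    print("validated argv:", build_command_safe("restart", "example-checker"))
```

When triaging a deployment that cannot be upgraded immediately, the same allowlist check can be applied to logged action/service request values to flag requests that would not have passed validation.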
