Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-13129
Deferred
More InfoOfficial Page
Source-cna@vuldb.com
View Known Exploited Vulnerability (KEV) details
Published At-03 Jan, 2025 | 22:15
Updated At-15 Apr, 2026 | 00:35

A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-77Secondarycna@vuldb.com
CWE-78Secondarycna@vuldb.com
CWE ID: CWE-77
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-78
Type: Secondary
Source: cna@vuldb.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/0xs1ash/Exploits/tree/main/CVE-EXPLOITcna@vuldb.com
N/A
https://github.com/roxy-wi/roxy-wi/pull/410cna@vuldb.com
N/A
https://github.com/roxy-wi/roxy-wi/pull/410#issuecomment-2561289700cna@vuldb.com
N/A
https://github.com/roxy-wi/roxy-wi/pull/410/commits/32313928eb9ce906887b8a30bf7b9a3d5c0de1becna@vuldb.com
N/A
https://github.com/roxy-wi/roxy-wi/releases/tag/v8.1.4cna@vuldb.com
N/A
https://vuldb.com/?ctiid.290149cna@vuldb.com
N/A
https://vuldb.com/?id.290149cna@vuldb.com
N/A
https://vuldb.com/?submit.468530cna@vuldb.com
N/A
Hyperlink: https://github.com/0xs1ash/Exploits/tree/main/CVE-EXPLOIT
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/roxy-wi/roxy-wi/pull/410
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/roxy-wi/roxy-wi/pull/410#issuecomment-2561289700
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/roxy-wi/roxy-wi/pull/410/commits/32313928eb9ce906887b8a30bf7b9a3d5c0de1be
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/roxy-wi/roxy-wi/releases/tag/v8.1.4
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.290149
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.290149
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.468530
Source: cna@vuldb.com
Resource: N/A
Change History
0Changes found

Details not found