This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Roxy-WI < 6.1.1.0 suffers from **Command Injection**. **Consequences**: Attackers can execute arbitrary OS commands remotely via the `subprocess_execute` function. This leads to full server compromise.
Q2. Root Cause? (CWE/Flaw)
**Root Cause**: **CWE-77** (Command Injection). The flaw lies in the `/app/options.py` file.…
**Affected**: **Roxy-WI** versions **before 6.1.1.0**. **Vendor**: hap-wi. **Component**: The web interface used to manage HAProxy, Nginx, and Keepalived servers.
Q4. What can hackers do? (Privileges/Data)
**Capabilities**: Attackers gain **Remote Code Execution (RCE)**. **Impact**: They can read/write sensitive data, modify configurations, and potentially pivot to other internal systems.…
**Threshold**: **LOW**. **Auth**: No authentication required (`PR:N`). **UI**: No user interaction needed (`UI:N`). **Vector**: Network-based (`AV:N`). This is a critical, easy-to-exploit vulnerability.
Q6. Is there a public exploit? (PoC/Wild Exploitation)
**Exploit Status**: **YES**. A public PoC exists as a Nuclei template. **Reference**: `CVE-2022-31161.yaml` on the ProjectDiscovery GitHub. Wild exploitation is highly likely given the low barrier to entry.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: Scan for Roxy-WI instances. **Test**: Send crafted requests to the `/app/options.py` endpoint targeting the `delcert` parameter.…
**Fix**: **YES**. Official patch released in **v6.1.1.0**. **Action**: Upgrade Roxy-WI immediately to version 6.1.1.0 or later. Check the GitHub release notes for details.
Q9. What if no patch? (Workaround)
**No Patch?**: If upgrading isn't possible, **block external access** to the Roxy-WI web interface. **Mitigate**: Implement strict WAF rules to filter command injection patterns in the `delcert` parameter.…
**Urgency**: **CRITICAL**. **Priority**: **IMMEDIATE ACTION REQUIRED**. The CVSS score indicates high impact. With no authentication required, automated bots are likely scanning for this. Patch now to prevent compromise.