Back to KEVs

CVE-2022-31126

Unauthenticated Remote Code Execution in Roxy-wi

Basic Information

CVE State
PUBLISHED
Reserved Date
May 18, 2022
Published Date
July 06, 2022
Last Updated
April 23, 2025
Vendor
hap-wi
Product
roxy-wi
Description
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
Tags
apache nginx nuclei_scanner

CVSS Scores

CVSS v3.1

10.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

EPSS Score

Score
85.68% (Percentile: 99.32%) as of 2025-05-31

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-05-03 00:00:00 UTC) Source

References

https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-05-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-31126.yaml 2025-04-26 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel