CVE-2022-31137

Unauthenticated Remote Code Execution in Roxy-WI

Basic Information

CVE State: PUBLISHED
Reserved Date: May 18, 2022
Published Date: July 08, 2022
Last Updated: April 22, 2025
Vendor: hap-wi
Product: roxy-wi
Description: Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Tags

10.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Source	Added Date
The Shadowserver (via CIRCL)	2025-11-08 00:00:00 UTC

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-31137.yaml	2025-06-02 14:11:03 UTC
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/roxy_wi_exec.rb	2025-04-28 15:02:10 UTC

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Type: metasploit • Created: Unknown

Metasploit module for CVE-2022-31137