CVE-2022-31125

CRITICAL

Roxy-wi <6.1.1.0 - Auth Bypass

Title source: llm

Description

Roxy-wi is an open source web interface for managing HAProxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Nuri Çilengir · text · webapps · python
https://www.exploit-db.com/exploits/51226

Scores

CVSS v3 10.0
EPSS 0.1822
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Details

CWE
CWE-287
Status published
Products (1)
roxy-wi/roxy-wi < 6.1.1.0
Published Jul 06, 2022
Tracked Since Feb 18, 2026