CVE-2026-45556
Roxy-WI · Roxy-WI
Roxy-WI contains an authenticated arbitrary file write vulnerability in its WAF rule saving functionality, allowing for Remote Code Execution on managed load balancers.
Executive summary
An authenticated Remote Code Execution vulnerability exists in Roxy-WI versions 8.2.6.4 and prior, posing a critical risk to all managed load balancer infrastructure.
Vulnerability
This vulnerability is an authenticated arbitrary file write flaw in the WAF configuration saving function, which does not properly sanitize the file path it writes to. By manipulating the config_file_name parameter, an authenticated attacker can direct the write outside the intended WAF rules directory, for example to a cron job file that the system scheduler runs as root, resulting in root-level Remote Code Execution on the managed load balancer.
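The following is an added example, not Roxy-WI's code and not taken from the advisory: it shows the generic root cause behind a file-path sanitization bug of this kind (os.path.join silently discards the base directory when the user-supplied component is absolute, and does nothing about ".." components) next to a hardened resolver that pins every write inside one rules directory. The directory name, the function names and the rule-file extension are assumptions chosen for illustration.

```python
import os
from pathlib import Path, PurePosixPath

# Assumption: the directory where WAF rule files are supposed to be written.
# This is an illustrative path, not Roxy-WI's real layout.
WAF_RULES_DIR = Path("/etc/example-waf/rules")


def naive_join(base_dir: str, config_file_name: str) -> str:
    """The unsafe pattern: os.path.join trusts the user-supplied name.

    An absolute name replaces base_dir entirely, and '..' segments walk out of it,
    so the caller ends up writing wherever the name points.
    """
    return os.path.normpath(os.path.join(base_dir, config_file_name))


def resolve_rule_path(config_file_name: str, base_dir: Path = WAF_RULES_DIR) -> Path:
    """Return the absolute path a rule file may be written to, or raise ValueError.

    Rejects empty or NUL-containing names, absolute paths, '.'/'..' components,
    names without the expected extension, and (as defense in depth) anything whose
    resolved location is not strictly inside base_dir.
    """
    if not config_file_name or "\x00" in config_file_name:
        raise ValueError("empty or NUL-containing file name")

    candidate = PurePosixPath(config_file_name)
    if candidate.is_absolute():
        raise ValueError("absolute paths are not allowed")
    if any(part in (".", "..") for part in candidate.parts):
        raise ValueError("path traversal components are not allowed")
    if candidate.suffix != ".conf":  # assumption: rule files end in .conf
        raise ValueError("unexpected file extension")

    base_resolved = base_dir.resolve()
    target = (base_resolved / candidate).resolve()
    # Containment check: the resolved target must be below the resolved base.
    # This also catches escapes via symlinks that the string checks cannot see.
    if base_resolved not in target.parents:
        raise ValueError("resolved path escapes the rules directory")
    return target


def is_safe_rule_name(config_file_name: str) -> bool:
    """Boolean convenience wrapper around resolve_rule_path."""
    try:
        resolve_rule_path(config_file_name)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: one legitimate name, two that try to leave the directory.
    for name in ("custom.conf", "../../cron.d/task.conf", "/etc/cron.d/task.conf"):
        print(f"{name!r}: naive -> {naive_join(str(WAF_RULES_DIR), name)}, "
              f"safe -> {is_safe_rule_name(name)}")
```

The containment check uses Path.parents on the resolved target rather than a string prefix comparison, so a sibling directory such as /etc/example-waf/rules-old does not pass as "inside" /etc/example-waf/rules.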
Business impact
With a CVSS score of 9.9, this vulnerability represents a critical threat. Successful exploitation grants an attacker full control over the load balancer, which acts as a central gateway for network traffic. This could lead to total compromise of application traffic, data exfiltration, and significant service disruption across the entire managed environment.
Remediation
Immediate Action: Review the vendor security advisory at https://github.com/roxy-wi/roxy-wi/security/advisories and prioritize upgrading to the latest available version once released.
Proactive Monitoring: Monitor server logs for unauthorized modifications to system configuration files or suspicious cron jobs located in /etc/cron.d/.
Compensating Controls: Implement strict network segmentation to limit access to the Roxy-WI management interface to authorized administrative personnel only.
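As an added example of the monitoring step above (not part of the advisory and not a Roxy-WI feature), the script below takes a SHA-256 baseline of a cron drop-in directory such as /etc/cron.d/ and reports files that were added, removed or modified since the baseline was taken. The demo function builds a constructed temporary directory so the check runs offline; in production you would point run_check at the real directory and keep the baseline file somewhere the load balancer's own users cannot write.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Directory named in the advisory's monitoring advice.
CRON_DIR = Path("/etc/cron.d")


def snapshot(directory: Path) -> dict:
    """Map every regular file under directory (relative path) to its SHA-256."""
    result = {}
    for path in sorted(directory.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[str(path.relative_to(directory))] = digest
    return result


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Return the files added, removed and modified between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        name for name in baseline.keys() & current.keys()
        if baseline[name] != current[name]
    )
    return {"added": added, "removed": removed, "modified": modified}


def run_check(directory: Path, baseline_file: Path) -> dict:
    """Compare directory against a stored JSON baseline, creating it on first run."""
    current = snapshot(directory)
    if not baseline_file.exists():
        baseline_file.write_text(json.dumps(current, indent=2))
        return {"added": [], "removed": [], "modified": []}
    baseline = json.loads(baseline_file.read_text())
    return diff_snapshots(baseline, current)


def demo() -> dict:
    """Offline demonstration on a constructed directory (no real cron files touched)."""
    with tempfile.TemporaryDirectory() as tmp:
        cron = Path(tmp)
        # Constructed baseline content: one ordinary scheduled job.
        (cron / "logrotate").write_text(
            "0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf\n"
        )
        baseline = snapshot(cron)
        # Constructed post-incident state: the existing job was edited and an
        # unexpected file appeared, which is exactly what the advisory says to watch for.
        (cron / "logrotate").write_text(
            "0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf # edited\n"
        )
        (cron / "unexpected").write_text("* * * * * root /opt/unknown/task.sh\n")
        return diff_snapshots(baseline, snapshot(cron))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Any non-empty "added" or "modified" list from a scheduled run of run_check against /etc/cron.d/ should be treated as an alert to investigate, since legitimate changes to that directory on a load balancer are rare and normally tied to a known package or configuration change.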
Exploitation status
Public Exploit Available: False
Analyst recommendation
The severity of this vulnerability necessitates immediate attention. Given the potential for full system compromise, administrators should restrict access to the Roxy-WI interface and monitor for any anomalous file system activity until a patch is applied.