CVE-2021-38167: 
Roxy-WI vulnerability analysis and mitigation

Roxy-WI through version 5.2.2.0 contains a SQL Injection vulnerability in the check_login functionality (CVE-2021-38167). The vulnerability allows an unauthenticated attacker to extract a valid UUID to bypass authentication (GitHub Issue). This vulnerability was discovered and disclosed on August 7, 2021 (NVD).

The vulnerability exists in the checklogin() function within /app/sql.py where SQL statements have user-controlled input supplied directly into SQL queries. Specifically, the uuid cookie value is directly inserted into the SQL query without proper sanitization in the updatelastactuser() function. The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 CRITICAL with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

A successful exploitation of this vulnerability allows an unauthenticated attacker to perform blind SQL injection to dump the database or extract a valid UUID, which can then be used to bypass authentication completely. This gives the attacker unauthorized access to the application with potentially elevated privileges (GitHub Issue).

Users should upgrade to a version newer than 5.2.2.0 if available. The vulnerability affects all versions through 5.2.2.0 (NVD).