The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-80.103.2.5045-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://cxsecurity.com/issue/WLB-2023010006 | Exploit Third Party Advisory |
https://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://www.nexxtsolutions.com/connectivity/search/?q=ARN02304U8 | Product Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-01-06T00:00:00
Updated: 2023-01-27T00:00:00
Reserved: 2022-10-30T00:00:00
Link: CVE-2022-44149
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-01-06T17:15:09.363
Modified: 2023-01-30T15:27:48.180
Link: CVE-2022-44149
JSON object: View
Redhat Information
No data.
CWE