Vulnerability CVE-2022-44149


Published: 2023-01-06

Description:
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.

See advisories in our WLB2 database:
Topic
Author
Date
High
Nexxt Router Firmware 42.103.1.5095 Remote Code Execution
Yerodin Richards
05.01.2023

 References:
https://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html
https://cxsecurity.com/issue/WLB-2023010006
https://www.nexxtsolutions.com/connectivity/search/?q=ARN02304U8

Copyright 2024, cxsecurity.com

 

Back to Top