CVE-2022-44149 Information

Description

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.

Reference

https://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html https://cxsecurity.com/issue/WLB-2023010006 https://www.nexxtsolutions.com/connectivity/search/?q=ARN02304U8