The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html
packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-80.103.2.5045-Remote-Code-Execution.html
cxsecurity.com/issue/WLB-2023010006
packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html
www.nexxtsolutions.com/connectivity/search/?q=ARN02304U8