Lucene search

[email protected]NVD:CVE-2022-44149

HistoryJan 06, 2023 - 5:15 p.m.

CVE-2022-44149

2023-01-0617:15:09

CWE-78

[email protected]

web.nvd.nist.gov

web service

remote execution

authentication required

nexxt amp300 arn02304u8

42.103.1.5095

80.103.2.5045

json host field

ping feature

command execution

os command

cve-2022-44149

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.038

Percentile

92.1%

JSON

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required

Affected configurations

Nvd

Node

nexxtsolutionsamp300_firmwareMatch42.103.1.5095

nexxtsolutionsamp300_firmwareMatch80.103.2.5045

AND

nexxtsolutionsamp300Match-

VendorProductVersionCPE
nexxtsolutionsamp300_firmware42.103.1.5095cpe:2.3:o:nexxtsolutions:amp300_firmware:42.103.1.5095:*:*:*:*:*:*:*
nexxtsolutionsamp300_firmware80.103.2.5045cpe:2.3:o:nexxtsolutions:amp300_firmware:80.103.2.5045:*:*:*:*:*:*:*
nexxtsolutionsamp300-cpe:2.3:h:nexxtsolutions:amp300:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nexxtsolutions	amp300_firmware	42.103.1.5095	cpe:2.3:o:nexxtsolutions:amp300_firmware:42.103.1.5095:::::::*
nexxtsolutions	amp300_firmware	80.103.2.5045	cpe:2.3:o:nexxtsolutions:amp300_firmware:80.103.2.5045:::::::*
nexxtsolutions	amp300	-	cpe:2.3:h:nexxtsolutions:amp300:-:::::::*