Remote OS Command Execution Vulnerability in Nexxt Amp300 ARN02304U8 Devices

Remote OS Command Execution Vulnerability in Nexxt Amp300 ARN02304U8 Devices

CVE-2022-44149 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required

Learn more about our Web App Pen Testing.