What is CVE-2022-44149?

CVE-2022-44149 is a vulnerability in N/a. Published 2023-01-06.

Is CVE-2022-44149 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-44149

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is requir…

EPSS: 0.822 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

geniuszly/CVE-2022-44149
yerodin/CVE-2022-44149
k0mi-tg/CVE-POC
manas3c/CVE-POC
ARPSyndicate/cvemon
whoforget/CVE-POC
youwizard/CVE-POC
nomi-sec/PoC-in-GitHub
geniuszlyy/CVE-2022-44149

References

packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote…
cxsecurity.com/issue/WLB-2023010006
www.nexxtsolutions.com/connectivity/search/
packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote…
packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-80.103.2.5045-Remote…

Frequently asked questions

What is CVE-2022-44149?: CVE-2022-44149 is a vulnerability in N/a. Published 2023-01-06.
Is CVE-2022-44149 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.