CVE-2022-44149

HIGH EXPLOITED

Nexxt Amp300 ARN02304U8 RCE via Ping Feature JSON Host Field

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-44149 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Yerodin Richards, geniuszly, yerodin.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in Nexxt Router Firmware 42.103.1.5095. It authenticates with the router and sends a malicious payload via the `sysTools` endpoint to enable telnetd, allowing remote code execution.

Description

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required

Exploits (4)

exploitdb WORKING POC
by Yerodin Richards · pythonremotehardware
https://www.exploit-db.com/exploits/51195

This exploit targets a command injection vulnerability in Nexxt Router Firmware 42.103.1.5095. It authenticates with the router and sends a malicious payload via the `sysTools` endpoint to enable telnetd, allowing remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Nexxt Router Firmware 42.103.1.5095
Auth required
Prerequisites: Network access to the router · Valid admin credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB 5 stars
by geniuszly · poc
https://github.com/geniuszly/CVE-2022-44149

The repository contains a Python script and README for CVE-2022-44149, but the payload is a placeholder ('example_payload') and lacks actual exploit logic. It demonstrates authentication and payload delivery structure but does not implement the vulnerability.

Classification
Stub 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Unspecified router (likely Zyxel or similar)
Auth required
Prerequisites: Router web interface access · Valid credentials (default or known)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by yerodin · remote-auth
https://github.com/yerodin/CVE-2022-44149

This PoC exploits an authenticated RCE vulnerability in Nexxt Router Firmware 80.103.2.5045 by sending a malicious payload via the sysTools endpoint to enable telnetd. It requires valid credentials and leverages command injection in the host parameter.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Nexxt Router Firmware 80.103.2.5045
Auth required
Prerequisites: Valid admin credentials · Network access to the router
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/geniuszlyy/cve-2022-44149

This repository contains a functional Python script that exploits CVE-2022-44149, a vulnerability allowing arbitrary command execution via the router's web interface. The script includes authentication handling, payload delivery, and logging for analysis.

Classification
Working Poc 80%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Unknown router model (likely a specific vendor/model affected by CVE-2022-44149)
Auth required
Prerequisites: Router web interface accessible · Valid credentials (default or known) · Network access to the target router
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 8.8
EPSS 0.8216
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2025-01-15
CWE
CWE-78
Status published
Products (2)
nexxtsolutions/amp300_firmware 42.103.1.5095
nexxtsolutions/amp300_firmware 80.103.2.5045
Published Jan 06, 2023
Tracked Since Feb 18, 2026