Unrated severityNVD Advisory· Published Jan 6, 2023· Updated Apr 9, 2025
CVE-2022-44149
CVE-2022-44149
Description
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Nexxt/Amp300description
- Range: = 42.103.1.5095, 80.103.2.5045
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.htmlmitre
- packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-80.103.2.5045-Remote-Code-Execution.htmlmitre
- cxsecurity.com/issue/WLB-2023010006mitre
- packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.htmlmitre
- www.nexxtsolutions.com/connectivity/search/mitre
News mentions
1- RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning ExploitsTrend Micro Research · Oct 9, 2025