Unrated severityNVD Advisory· Published Jan 6, 2023· Updated Apr 9, 2025

CVE-2022-44149

Description

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required

Affected products

Nexxt/Amp300description

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.htmlmitre
packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-80.103.2.5045-Remote-Code-Execution.htmlmitre
cxsecurity.com/issue/WLB-2023010006mitre
packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.htmlmitre
www.nexxtsolutions.com/connectivity/search/mitre

News mentions

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
Trend Micro Research · Oct 9, 2025

cvss	0.000
epss	0.066
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000