CVE-2022-44149

CVSS V2 None CVSS V3 None
Description
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
Overview
  • CVE ID
  • CVE-2022-44149
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-06T17:15:09
  • Last Modified Date
  • 2023-01-30T15:27:48
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:nexxtsolutions:amp300_firmware:42.103.1.5095:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:nexxtsolutions:amp300:-:*:*:*:*:*:*:* 0 OR
History
Created Old Value New Value Data Type Notes
2023-01-06 17:16:50 Added to TrackCVE
2023-01-06 18:22:16 2023-01-06T17:26:11 CVE Modified Date updated
2023-01-06 18:22:16 Received Awaiting Analysis Vulnerability Status updated
2023-01-12 05:16:09 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-12 15:15:44 2023-01-12T14:36:53 CVE Modified Date updated
2023-01-12 15:15:44 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-12 15:15:45 Weakness Enumeration new
2023-01-12 15:15:48 CPE Information updated
2023-01-26 23:15:28 2023-01-26T21:17:51 CVE Modified Date updated
2023-01-26 23:15:28 Analyzed Modified Vulnerability Status updated
2023-01-26 23:15:29 References updated
2023-01-27 11:16:57 Modified Undergoing Analysis Vulnerability Status updated
2023-01-27 15:14:28 2023-01-27T14:15:09 CVE Modified Date updated
2023-01-27 15:14:28 The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required. The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required Description updated
2023-01-27 15:14:29 References updated
2023-01-30 17:14:43 2023-01-30T15:27:48 CVE Modified Date updated
2023-01-30 17:14:43 Undergoing Analysis Analyzed Vulnerability Status updated