CVE-2022-46080 – This vulnerability in Nexxt Nebula 1200-AC rout... (How to Fix)

Q: What is the severity of CVE-2022-46080?

CVE-2022-46080 has a CVSS score of 9.8 (CRITICAL). This vulnerability in Nexxt Nebula 1200-AC routers allows attackers to bypass authentication and execute arbitrary commands by exploiting the HTTPD service to enable TELNET access. It affects organizations using these specific routers with vulnerable firmware. The high CVSS score reflects the severe impact potential.

📋 TL;DR

This vulnerability in Nexxt Nebula 1200-AC routers allows attackers to bypass authentication and execute arbitrary commands by exploiting the HTTPD service to enable TELNET access. It affects organizations using these specific routers with vulnerable firmware. The high CVSS score reflects the severe impact potential.

💻 Affected Systems

Products:

Nexxt Nebula 1200-AC

Versions: 15.03.06.60

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific firmware version; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

Nebula1200 Ac Firmware by Nexxtsolutions

View all CVEs affecting Nebula1200 Ac Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router leading to network infiltration, data interception, lateral movement to internal systems, and persistent backdoor installation.

🟠

Likely Case

Unauthorized access to router configuration, network traffic monitoring, credential theft, and potential denial of service.

🟢

If Mitigated

Limited impact if network segmentation isolates the router and external access is restricted, though local network compromise remains possible.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code is publicly available on GitHub, making this easily weaponizable by attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://nexxtsolutions.com

Restart Required: No

Instructions:

Check vendor website for firmware updates; if unavailable, consider workarounds or replacement.

🔧 Temporary Workarounds

Disable HTTPD service

all

Turn off the vulnerable HTTPD service to prevent exploitation.

Access router admin interface → Services → Disable HTTPD

Block TELNET ports

linux

Use firewall rules to block TELNET ports (typically 23) from unauthorized access.

iptables -A INPUT -p tcp --dport 23 -j DROP

🧯 If You Can't Patch

Isolate the router on a dedicated VLAN with strict access controls.
Implement network monitoring for unusual TELNET or HTTPD activity.

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface; if version is 15.03.06.60, it is vulnerable.

Check Version:

Login to router admin interface and navigate to System Information.

Verify Fix Applied:

Verify firmware has been updated to a patched version or HTTPD service is disabled.

📡 Detection & Monitoring

Log Indicators:

Unexpected TELNET service activation
Unauthorized HTTPD requests
Failed authentication attempts followed by successful access

Network Indicators:

Unusual traffic on port 23 (TELNET)
HTTP requests to router management interface from untrusted sources

SIEM Query:

source="router_logs" AND (event="TELNET enabled" OR event="HTTPD exploit")

📊 Metadata

CVE ID: CVE-2022-46080

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-863

Published: July 6, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/yerodin/CVE-2022-46080 Third Party Advisory
https://nexxtsolutions.com Not Applicable
https://github.com/yerodin/CVE-2022-46080 Third Party Advisory
https://nexxtsolutions.com Not Applicable

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-46080, you might also want to check these: