### [CVE-2023-48251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48251)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA011S-36V%20(0608842011)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA011S-36V-B%20(0608842012)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA015S-36V%20(0608842001)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA015S-36V-B%20(0608842006)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA030S-36V%20(0608842002)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA030S-36V-B%20(0608842007)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA050S-36V%20(0608842003)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA050S-36V-B%20(0608842008)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA065S-36V%20(0608842013)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXA065S-36V-B%20(0608842014)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXP012QD-36V%20(0608842005)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXP012QD-36V-B%20(0608842010)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXV012T-36V%20(0608842015)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20cordless%20nutrunner%20NXV012T-36V-B%20(0608842016)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2272)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2301)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2514)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2515)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2666)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Nexo%20special%20cordless%20nutrunner%20(0608PE2673)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=NEXO-OS%20V1000-Release%3C%3D%20NEXO-OS%20V1500-SP2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen)

### Description

The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/oxagast/oxasploits