32 matches found
CVE-2026-31847
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...
CVE-2026-31851
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...
CVE-2026-31851 Lack of Rate Limiting Enables Brute-Force Attacks in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...
CVE-2026-31851
CVE-2026-31851 affects Nexxt Solutions Nebula 300+ firmware up to version 12.01.01.37. The primary issue is lack of rate limiting and account lockout on authentication interfaces, allowing unlimited authentication attempts and potential brute-force attempts to obtain administrative credentials. S...
CVE-2026-31851 Lack of Rate Limiting Enables Brute-Force Attacks in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...
CVE-2026-31850
CVE-2026-31850 affects Nexxt Solutions Nebula 300+ firmware up to 12.01.01.37. The vulnerability arises because administrative credentials and WiFi pre‑shared keys are stored in plaintext inside exported configuration backup files, enabling exposure if backups are accessed. CVSS 4.0 base score 6....
CVE-2026-31850 Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...
CVE-2026-31850 Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...
CVE-2026-31849 Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...
CVE-2026-31849
The affected product is Nexxt Solutions Nebula 300+ with firmware up to 12.01.01.37. The vulnerability arises because CSRF protections are not implemented on state-changing administrative endpoints, allowing a remote attacker to entice an authenticated administrator into submitting crafted reques...
CVE-2026-31849 Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...
CVE-2026-31846
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
CVE-2026-31848 Reversible ecos_pw Cookie Allows Authentication Bypass in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...
CVE-2026-31848
Nexxt Solutions Nebula 300+ firmware
CVE-2026-31848
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...
CVE-2026-31847
CVE-2026-31847 concerns Nexxt Solutions Nebula 300+ devices running firmware up to 12.01.01.37. A hidden functionality in the /goform/setSysTools endpoint can remotely enable Telnet, which then exposes a privileged diagnostic management interface over the network. This increases attack surface an...
CVE-2026-31847 Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...
CVE-2026-31847 Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...
CVE-2026-31846 Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
CVE-2026-31846 Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...