CVE-2026-31848 Reversible ecos_pw Cookie Allows Authentication Bypass in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...

CVE-2026-31848 Reversible ecos_pw Cookie Allows Authentication Bypass in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...

CVE-2026-31848

Nexxt Solutions Nebula 300+ firmware

CVE-2026-31848

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...

CVE-2023-29680

Cleartext Transmission in set-cookie:ecospw: Tenda N301 v6.0, Firmware v12.02.01.61multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password...

CVE-2023-29680

CVE-2023-29680 affects Tenda N301 devices with v6.0 firmware (example: v12.02.01.61_multi). The issue is cleartext transmission via the set-cookie:ecos_pw cookie, allowing an authenticated attacker on the LAN/WLAN to intercept router communications and obtain the password. Red Hat and NVD entries...