Nexxtsolutions Nebula300plus_firmware
5 CVEs affecting Nexxtsolutions Nebula300plus_firmware. Latest disclosed: 2026-03-23. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-31851 | Critical | 9.8 | 2026-03-23 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. A… |
| CVE-2026-31848 | Critical | 9.8 | 2026-03-23 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data comb… |
| CVE-2026-31847 | High | 8.8 | 2026-03-23 | Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Teln… |
| CVE-2026-31849 | Medium | 6.5 | 2026-03-23 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools an… |
| CVE-2026-31850 | Medium | 4.9 | 2026-03-23 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, i… |