VYPR

Nebula300plus Firmware

by Nexxt Solutions

CVEs (5)

  • CVE-2026-31851 · Cri · Mar 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling…

  • CVE-2026-31848 · Cri · Mar 23, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can…

  • CVE-2026-31847 · Hig · Mar 23, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an…

  • CVE-2026-31849 · Med · Mar 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the…

  • CVE-2026-31850 · Med · Mar 23, 2026
    risk 0.32 · cvss 4.9 · epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate…