VYPR

Nebula 300+

by Nexxt Solutions

CVEs (6)

  • CVE-2026-31851 | Critical | Mar 23, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling…

  • CVE-2026-31848 | Critical | Mar 23, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can…

  • CVE-2026-31847 | High | Mar 23, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an…

  • CVE-2026-31849 | Medium | Mar 23, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the…

  • CVE-2026-31846 | Medium | Mar 23, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response…

  • CVE-2026-31850 | Medium | Mar 23, 2026
    risk 0.32 | cvss 4.9 | epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate…