Nexxt Solutions
Products
6- 6 CVEs
- 5 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31851 | Cri | 0.64 | 9.8 | 0.00 | Mar 23, 2026 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling… | ||
| CVE-2026-31848 | Cri | 0.64 | 9.8 | 0.00 | Mar 23, 2026 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can… | ||
| CVE-2025-52376 | Cri | 0.64 | 9.8 | 0.09 | Jul 15, 2025 | An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server… | ||
| CVE-2026-31847 | Hig | 0.57 | 8.8 | 0.00 | Mar 23, 2026 | Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an… | ||
| CVE-2026-31849 | Med | 0.42 | 6.5 | 0.00 | Mar 23, 2026 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the… | ||
| CVE-2026-31846 | Med | 0.42 | 6.5 | 0.00 | Mar 23, 2026 | Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response… | ||
| CVE-2025-52379 | Med | 0.35 | 5.4 | 0.10 | Jul 15, 2025 | Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter,… | ||
| CVE-2025-52378 | Med | 0.35 | 5.4 | 0.06 | Jul 15, 2025 | Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when viewing the device management page via the DEVICE_ALIAS… | ||
| CVE-2025-52377 | Med | 0.35 | 5.4 | 0.09 | Jul 15, 2025 | Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface's ping and traceroute functionality,… | ||
| CVE-2026-31850 | Med | 0.32 | 4.9 | 0.00 | Mar 23, 2026 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate… | ||
| CVE-2022-44149 | 0.10 | — | 0.64 | Jan 6, 2023 | The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required | |||
| CVE-2022-46080 | 0.01 | — | 0.02 | Jul 6, 2023 | Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET. |
- risk 0.64cvss 9.8epss 0.00
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling…
- risk 0.64cvss 9.8epss 0.00
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can…
- risk 0.64cvss 9.8epss 0.09
An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server…
- risk 0.57cvss 8.8epss 0.00
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an…
- risk 0.42cvss 6.5epss 0.00
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the…
- risk 0.42cvss 6.5epss 0.00
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response…
- risk 0.35cvss 5.4epss 0.10
Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter,…
- risk 0.35cvss 5.4epss 0.06
Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when viewing the device management page via the DEVICE_ALIAS…
- risk 0.35cvss 5.4epss 0.09
Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface's ping and traceroute functionality,…
- risk 0.32cvss 4.9epss 0.00
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate…
- CVE-2022-44149Jan 6, 2023risk 0.10cvss —epss 0.64
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
- CVE-2022-46080Jul 6, 2023risk 0.01cvss —epss 0.02
Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.