VYPR
Vendor

Nexxt Solutions

Products
6
CVEs
12
Across products
18
Status
Private

Products

6

Recent CVEs

12
  • CVE-2026-31851CriMar 23, 2026
    risk 0.64cvss 9.8epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling…

  • CVE-2026-31848CriMar 23, 2026
    risk 0.64cvss 9.8epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can…

  • CVE-2025-52376CriJul 15, 2025
    risk 0.64cvss 9.8epss 0.09

    An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server…

  • CVE-2026-31847HigMar 23, 2026
    risk 0.57cvss 8.8epss 0.00

    Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an…

  • CVE-2026-31849MedMar 23, 2026
    risk 0.42cvss 6.5epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the…

  • CVE-2026-31846MedMar 23, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response…

  • CVE-2025-52379MedJul 15, 2025
    risk 0.35cvss 5.4epss 0.10

    Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/um_fileName_set.cgi and /web/um_web_upgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter,…

  • CVE-2025-52378MedJul 15, 2025
    risk 0.35cvss 5.4epss 0.06

    Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when viewing the device management page via the DEVICE_ALIAS…

  • CVE-2025-52377MedJul 15, 2025
    risk 0.35cvss 5.4epss 0.09

    Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface's ping and traceroute functionality,…

  • CVE-2026-31850MedMar 23, 2026
    risk 0.32cvss 4.9epss 0.00

    Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate…

  • CVE-2022-44149Jan 6, 2023
    risk 0.10cvss epss 0.64

    The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required

  • CVE-2022-46080Jul 6, 2023
    risk 0.01cvss epss 0.02

    Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.