Aggregates CVE and security vulnerability intelligence across all nexxtsolutions-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-31851 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction. | 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c | 7.7 | 0.09% | 2026-03-23 | 2026-04-29 |
| CVE-2026-31850 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information. | 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c | 6.8 | 0.01% | 2026-03-23 | 2026-04-29 |
| CVE-2026-31849 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings. | 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c | 7.2 | 0.02% | 2026-03-23 | 2026-04-29 |
| CVE-2026-31848 | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints. | 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c | 8.7 | 0.04% | 2026-03-23 | 2026-04-29 |
| CVE-2026-31847 | Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system. | 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c | 8.5 | 0.11% | 2026-03-23 | 2026-04-29 |
| CVE-2022-46080 | Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET. | [email protected] | 9.8 | 15.19% | 2023-07-06 | 2024-11-21 |
| CVE-2022-44149 | The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required | [email protected] | 8.8 | 82.16% | 2023-01-06 | 2025-04-09 |