CVE-2026-31846

Description

An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware through Nebula300+_v12.01.01.37 allows an adjacent attacker to obtain the administrator password in Base64-encoded form via a crafted HTTP request. The recovered credential can be used to authenticate to the device and facilitates further compromise when combined with other weaknesses present in the firmware.

References

• https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip
• https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/