CVE-2026-31848

Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecos_pw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gain unauthorized access to the device.

References

• https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip
• https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/