CVE-2026-31849

Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing administrative endpoints. A remote attacker can induce an authenticated administrator to submit crafted requests that modify device settings, including security-relevant configuration, without the administrator's intent.

References

• https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip
• https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/