← Retour aux CVEs
CVE-2026-31849
N/ADescription
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.
Details CVE
Score CVSS v3.1N/A
Publie3/23/2026
Derniere modification3/26/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-352
References
https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip(309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c)
https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/(309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.