← Voltar para CVEs
CVE-2026-31849
N/ADescricao
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/23/2026
Ultima modificacao3/26/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-352
Referencias
https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip(309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c)
https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/(309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.