PT-2026-27116 · Nexxt Solutions · Nebula 300+
Angel Barre
Published 2026-03-23 · Updated 2026-03-23
CVE-2026-31849
CVSS v4.0: 7.2 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Nexxt Solutions Nebula 300+ firmware versions through 12.01.01.37
Description
The Nexxt Solutions Nebula 300+ firmware does not have Cross-Site Request Forgery (CSRF) protections on administrative endpoints that change the device’s state. An attacker can make an authenticated administrator unintentionally submit requests to modify device settings, including security configurations. The affected endpoints allow modification of device settings without the administrator’s knowledge.
Recommendations
Update to a version beyond 12.01.01.37.
Fix
CSRF
Affected products
Nebula 300+