PT-2026-27112 · Nexxt Solutions · Nebula 300+

Angel Barre · Published 2026-03-23 · Updated 2026-03-23 · CVE-2026-31846

CVSS v2.0: 6.1 (Medium)
Vector: AV:A/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Nexxt Solutions Nebula 300+ firmware versions through 12.01.01.37

Description: An unauthenticated attacker can retrieve sensitive device information, including the administrator password, from the /goform/ate API endpoint. A crafted HTTP request to this endpoint returns a response containing parameters such as Login PW, which is Base64-encoded. Because Base64 is a reversible encoding and not encryption, decoding this value yields valid administrative credentials. Successful exploitation allows an adjacent attacker to obtain the administrator password, which can then be used to authenticate to the device and may facilitate further compromise.

Recommendations: Versions prior to 12.01.01.37 should be updated.
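
A detection sketch for the exposure described above, added here as an example and not part of the original advisory or any vendor code: it scans HTTP request logs for access to /goform/ate and reports which sources received a successful response, so the administrator password can be treated as exposed and rotated. The log format, sample lines, IP addresses and the `admin_hosts` allowlist are constructed assumptions, as is the presence of a network sensor or proxy that records LAN requests to the router's management interface.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

ENDPOINT = "/goform/ate"  # endpoint named in the advisory

# Constructed sample (common log format) from a hypothetical LAN sensor or proxy.
SAMPLE_LOG = """\
192.168.0.23 - - [23/Mar/2026:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120
192.168.0.57 - - [23/Mar/2026:10:02:40 +0000] "GET /goform/ate HTTP/1.1" 200 412
192.168.0.57 - - [23/Mar/2026:10:02:44 +0000] "GET /GoForm/ate/?t=1 HTTP/1.1" 200 412
192.168.0.10 - - [23/Mar/2026:10:05:03 +0000] "GET /goform/ate HTTP/1.1" 200 412
192.168.0.88 - - [23/Mar/2026:10:05:30 +0000] "GET /goform/ate HTTP/1.1" 404 0
192.168.0.23 - - [23/Mar/2026:10:06:00 +0000] "POST /goform/atelier HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (?:\d+|-)')

def normalize_path(target):
    """Drop the query string, percent-decode, collapse slashes, lower-case."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower()

def find_hits(log_text, admin_hosts=frozenset()):
    """Map source IP -> requests that reached ENDPOINT, skipping allowlisted hosts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: ignore rather than guess
        src, ts, method, target, status = m.groups()
        if normalize_path(target) != ENDPOINT or src in admin_hosts:
            continue
        hits[src].append((ts, method, target, int(status)))
    return dict(hits)

def likely_disclosed(hits):
    """Sources that received a 2xx answer: assume they hold the admin password."""
    return sorted(s for s, reqs in hits.items() if any(200 <= r[3] < 300 for r in reqs))

if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG, admin_hosts={"192.168.0.10"})
    for src in likely_disclosed(hits):
        print(f"{src}: {len(hits[src])} request(s) to {ENDPOINT} answered 2xx; rotate the admin password")
```

Because the endpoint requires no authentication, there is no failed-login event to alert on; a successful response to any non-allowlisted source is the signal.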

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2026-31846

Affected Products: Nebula 300+