PT-2026-27116 · Nexxt Solutions · Nebula 300+
Angel Barre · Published 2026-03-23 · Updated 2026-03-23 · CVE-2026-31849
CVSS v4.0: 7.2 High
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Nexxt Solutions Nebula 300+ firmware versions through 12.01.01.37
Description
The Nexxt Solutions Nebula 300+ firmware does not have Cross-Site Request Forgery (CSRF) protections on administrative endpoints that change the device’s state. An attacker can make an authenticated administrator unintentionally submit requests to modify device settings, including security configurations. The affected endpoints allow modification of device settings without the administrator’s knowledge.
Recommendations
Update to a version beyond 12.01.01.37.
Fix
CSRF
Affected Products
Nebula 300+