
Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.
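The control the record says is missing, shown as an added example that is not the vendor's firmware code: a request gate for state-changing /goform/ endpoints that combines a same-origin check on Origin (falling back to Referer) with a per-session synchronizer token. The device origin, the /goform/ prefix as the state-changing set, and the csrf_token field name are assumptions.

```python
import hmac
from urllib.parse import urlsplit

# Assumed values for this example (not from the firmware or the record).
DEVICE_ORIGIN = "http://192.168.0.1"   # origin the admin UI is served from
STATE_CHANGING_PREFIX = "/goform/"     # endpoints such as /goform/setSysTools

def _origin_of(url):
    """Reduce a URL (Origin or Referer value) to scheme://host[:port], or None."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}" if p.scheme and p.netloc else None

def csrf_check(method, path, headers, form, session_csrf_token):
    """Return (allowed, reason) for a request to the admin interface.

    State-changing requests must pass two independent checks:
    1. Origin (or Referer if Origin is absent) must match the device origin.
       A literal "null" Origin or a missing header is rejected, not trusted.
    2. The form must carry a synchronizer token equal to the one bound to
       the administrator's session, compared in constant time.
    Safe methods on non-state-changing paths need neither.
    """
    safe_method = method.upper() in ("GET", "HEAD", "OPTIONS")
    if safe_method and not path.startswith(STATE_CHANGING_PREFIX):
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    source = h.get("origin") or h.get("referer")
    if source is None:
        return False, "missing Origin/Referer"
    if _origin_of(source) != DEVICE_ORIGIN:
        return False, "cross-origin request"
    token = form.get("csrf_token", "")
    if not session_csrf_token or not hmac.compare_digest(
        token.encode("utf-8"), session_csrf_token.encode("utf-8")
    ):
        return False, "bad or missing CSRF token"
    return True, "ok"
```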

Status: PUBLISHED | Reserved 2026-03-09 | Published 2026-03-23 | Updated 2026-03-26 | Assigner: TuranSec

Severity: HIGH 7.2 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status: unaffected

Versions <= 12.01.01.37: affected

Credits

Angel Barre (call4pwn), finder

References

www.nexxtsolutions.com/...vity/internal-products/ARN02304U6/ (Official product page)

nexxt-connectivity-frontend.s3.amazonaws.com/...01.01.37.zip (Firmware download)

cve.org (CVE-2026-31849)

nvd.nist.gov (CVE-2026-31849)
