CVE-2026-31851 | THREATINT

Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction.

PUBLISHED Reserved 2026-03-09 | Published 2026-03-23 | Updated 2026-03-26 | Assigner TuranSec

HIGH: 7.7CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-307 Improper Restriction of Excessive Authentication Attempts

Product status

Default status

unaffected

<= 12.01.01.37

affected

Credits

Angel Barre (call4pwn) finder

References

www.nexxtsolutions.com/...vity/internal-products/ARN02304U6/

nexxt-connectivity-frontend.s3.amazonaws.com/...01.01.37.zip

cve.org (CVE-2026-31851)

nvd.nist.gov (CVE-2026-31851)

Download JSON