CVE-2026-31849

High CVSS: 7.2

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.

Vendor

Product

CWE

CWE-352

Yayın Tarihi

2026-03-23 13:16:30

Güncelleme

2026-03-26 11:16:20

Source Identifier

309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c

KEV Date Added

Kategoriler

CWE-352 HIGH 2026

Referanslar

https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/