Vulnerability Details CVE-2026-31847
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.8%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2026-31847
-
cpe:2.3:h:nexxtsolutions:nebula300plus:-
-
cpe:2.3:o:nexxtsolutions:nebula300plus_firmware:*