Vulnerability Details CVE-2026-31848
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.7%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-31848
- cpe:2.3:h:nexxtsolutions:nebula300plus:-
- cpe:2.3:o:nexxtsolutions:nebula300plus_firmware:*