Nexxtsolutions Nebula300plus Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Nexxtsolutions Nebula300plus Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2026-31848 — CVSS 9.8 (critical): Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded…
CVE-2026-31851 — CVSS 9.8 (critical): Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on…
CVE-2026-31847 — CVSS 8.8 (high): Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote…
CVE-2026-31849 — CVSS 6.5 (medium): Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as…
CVE-2026-31850 — CVSS 4.9 (medium): Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and…