Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface and enabling further compromise of the device.
AnalysisAI
A hidden functionality vulnerability exists in the /goform/setSysTools endpoint of Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37, allowing unauthenticated remote attackers to enable a Telnet service that exposes a privileged diagnostic management interface. This significantly expands the attack surface and enables further device compromise through an unencrypted network protocol. No CVSS score, EPSS data, or KEV status is currently available, but the severity is elevated given the remote nature of exploitation and the direct access to privileged diagnostic functions.
Technical ContextAI
The vulnerability resides in improper access control to hidden administrative functionality within the Nebula 300+ network device firmware (CPE: cpe:2.3:a:nexxt_solutions:nebula_300+:*:*:*:*:*:*:*:*). The root cause falls under CWE-912 (Hidden Functionality), which describes situations where code exists but is not intended to be visible or callable through normal interfaces, yet remains accessible through direct invocation. The /goform/setSysTools endpoint fails to properly validate authorization before allowing enablement of the Telnet service, a cleartext remote administration protocol that typically requires authentication but may expose diagnostic capabilities with reduced or no credential requirements. This represents a design flaw where privileged functionality was left accessible despite ostensibly being disabled or hidden from the standard user interface.
RemediationAI
Upgrade Nexxt Solutions Nebula 300+ firmware to a version later than 12.01.01.37 as released by the vendor. Check the official Nexxt Solutions support portal and the product documentation at https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/ for the latest patched firmware. If immediate patching is not possible, implement network access controls by restricting access to the device's administrative interface to trusted IP ranges only, disable Telnet at the firewall level if it is not required, and monitor device logs for suspicious HTTP requests to /goform/setSysTools. Consider placing the device on an isolated management network segment separate from production traffic.
More in Nebula 300
View allThe Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 contains an authentication bypass vulnerability whe
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 lacks rate limiting and account lockout mechanisms on i
This vulnerability is a Cross-Site Request Forgery (CSRF) flaw affecting the Nexxt Solutions Nebula 300+ device firmware
The Nexxt Solutions Nebula 300+ wireless router stores sensitive administrative credentials and WiFi pre-shared keys in
Same weakness CWE-912 – Hidden Functionality
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14413