Skip to main content

Nebula 300 CVE-2026-31848

| EUVDEUVD-2026-14415 HIGH
Cleartext Storage of Sensitive Information (CWE-312)
2026-03-23 TuranSec GHSA-7xw4-69gx-5gch
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Re-analysis Queued
Apr 29, 2026 - 17:52 vuln.today
cvss_changed
EUVD ID Assigned
Mar 23, 2026 - 12:45 euvd
EUVD-2026-14415
Analysis Generated
Mar 23, 2026 - 12:45 vuln.today
CVE Published
Mar 23, 2026 - 12:09 nvd
HIGH 8.7

DescriptionCVE.org

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecos_pw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gain unauthorized access to the device.

AnalysisAI

The Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 contains an authentication bypass vulnerability where administrative credentials are stored in the ecos_pw cookie using reversible Base64 encoding with a static suffix, allowing attackers who obtain this cookie to forge valid administrative sessions and gain unauthorized device access. The vulnerability affects a network appliance product line and represents a critical authentication control failure. No CVSS score or EPSS data is currently available, and KEV/active exploitation status is unknown; however, the reversible encoding mechanism and static suffix suggest this is likely highly exploitable in practice.

Technical ContextAI

The vulnerability stems from improper credential storage in HTTP cookies, violating CWE-312 (Cleartext Storage of Sensitive Information). The Nexxt Solutions Nebula 300+ (identified via CPE cpe:2.3:a:nexxt_solutions:nebula_300+:*:*:*:*:*:*:*:*) uses a cookie-based session mechanism for administrative authentication; instead of storing cryptographically-derived session tokens, the firmware stores authentication material directly in the ecos_pw cookie using Base64 encoding—a reversible, non-cryptographic encoding scheme. The addition of a static suffix further weakens security by making the encoding format predictable and reducing effective entropy. This design assumes obscurity rather than implementing proper credential handling such as salted hashing, encrypted storage, or server-side session tokens.

RemediationAI

Upgrade Nexxt Solutions Nebula 300+ firmware to a version newer than 12.01.01.37 as soon as a patched release is available from the vendor (consult https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/ for updates). Until a patch is deployed, implement network-level controls: restrict administrative access to the device via network segmentation or firewall rules limiting management traffic to trusted IP ranges, enforce HTTPS-only communication to reduce cookie interception risk, disable or restrict cookie-based authentication in favor of certificate-based or multi-factor authentication if the device supports it, and monitor for suspicious administrative login activity. Additionally, audit all active administrative sessions and consider rotating any administrative credentials that may have been exposed. Isolate affected Nebula 300+ devices from untrusted networks until patching is complete.

Share

CVE-2026-31848 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy