Nebula 300
Monthly
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 lacks rate limiting and account lockout mechanisms on its authentication interface, enabling attackers to conduct brute-force attacks against user credentials without operational resistance. This vulnerability affects the Nebula 300+ device family as confirmed through CPE matching. An attacker with network access to the authentication interface can enumerate valid accounts and attempt unlimited password guesses, potentially compromising administrative or user-level access to the device.
The Nexxt Solutions Nebula 300+ wireless router stores sensitive administrative credentials and WiFi pre-shared keys in plaintext within exported configuration backup files, enabling information disclosure through CWE-256 (Plaintext Storage of Password). This vulnerability affects firmware versions through 12.01.01.37 and allows an attacker who gains access to a backup file to immediately obtain full administrative and wireless network access without requiring cryptographic attacks. No CVSS score, EPSS data, or active KEV designation is currently available, but the plaintext credential exposure represents a critical risk for any environment relying on configuration backups.
This vulnerability is a Cross-Site Request Forgery (CSRF) flaw affecting the Nexxt Solutions Nebula 300+ device firmware through version 12.01.01.37, where state-changing administrative endpoints lack proper CSRF protections. An attacker can trick an authenticated administrator into submitting malicious requests that modify critical device settings, including security configurations, without the administrator's knowledge or consent. No CVSS score or EPSS data is currently available, and the vulnerability has not been confirmed as actively exploited in the wild, though the lack of CSRF protections on administrative functions represents a significant trust boundary violation.
The Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 contains an authentication bypass vulnerability where administrative credentials are stored in the ecos_pw cookie using reversible Base64 encoding with a static suffix, allowing attackers who obtain this cookie to forge valid administrative sessions and gain unauthorized device access. The vulnerability affects a network appliance product line and represents a critical authentication control failure. No CVSS score or EPSS data is currently available, and KEV/active exploitation status is unknown; however, the reversible encoding mechanism and static suffix suggest this is likely highly exploitable in practice.
A hidden functionality vulnerability exists in the /goform/setSysTools endpoint of Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37, allowing unauthenticated remote attackers to enable a Telnet service that exposes a privileged diagnostic management interface. This significantly expands the attack surface and enables further device compromise through an unencrypted network protocol. No CVSS score, EPSS data, or KEV status is currently available, but the severity is elevated given the remote nature of exploitation and the direct access to privileged diagnostic functions.
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 lacks rate limiting and account lockout mechanisms on its authentication interface, enabling attackers to conduct brute-force attacks against user credentials without operational resistance. This vulnerability affects the Nebula 300+ device family as confirmed through CPE matching. An attacker with network access to the authentication interface can enumerate valid accounts and attempt unlimited password guesses, potentially compromising administrative or user-level access to the device.
The Nexxt Solutions Nebula 300+ wireless router stores sensitive administrative credentials and WiFi pre-shared keys in plaintext within exported configuration backup files, enabling information disclosure through CWE-256 (Plaintext Storage of Password). This vulnerability affects firmware versions through 12.01.01.37 and allows an attacker who gains access to a backup file to immediately obtain full administrative and wireless network access without requiring cryptographic attacks. No CVSS score, EPSS data, or active KEV designation is currently available, but the plaintext credential exposure represents a critical risk for any environment relying on configuration backups.
This vulnerability is a Cross-Site Request Forgery (CSRF) flaw affecting the Nexxt Solutions Nebula 300+ device firmware through version 12.01.01.37, where state-changing administrative endpoints lack proper CSRF protections. An attacker can trick an authenticated administrator into submitting malicious requests that modify critical device settings, including security configurations, without the administrator's knowledge or consent. No CVSS score or EPSS data is currently available, and the vulnerability has not been confirmed as actively exploited in the wild, though the lack of CSRF protections on administrative functions represents a significant trust boundary violation.
The Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 contains an authentication bypass vulnerability where administrative credentials are stored in the ecos_pw cookie using reversible Base64 encoding with a static suffix, allowing attackers who obtain this cookie to forge valid administrative sessions and gain unauthorized device access. The vulnerability affects a network appliance product line and represents a critical authentication control failure. No CVSS score or EPSS data is currently available, and KEV/active exploitation status is unknown; however, the reversible encoding mechanism and static suffix suggest this is likely highly exploitable in practice.
A hidden functionality vulnerability exists in the /goform/setSysTools endpoint of Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37, allowing unauthenticated remote attackers to enable a Telnet service that exposes a privileged diagnostic management interface. This significantly expands the attack surface and enables further device compromise through an unencrypted network protocol. No CVSS score, EPSS data, or KEV status is currently available, but the severity is elevated given the remote nature of exploitation and the direct access to privileged diagnostic functions.