Skip to main content

Nebula 300 Tenda F3 V2 0 Firmware

1 CVEs product

Monthly

CVE-2026-31846 HIGH This Week

An unauthenticated credential disclosure vulnerability exists in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware (including Tenda F3 v2.0 rebranded variants) through version 12.01.01.37, allowing adjacent network attackers to retrieve the Base64-encoded administrator password without authentication. The recovered credentials enable full device authentication and privilege escalation, facilitating further compromise when combined with other firmware weaknesses. No active KEV listing or public POC availability is currently documented, though the CVSS 6.5 score reflects the significant confidentiality impact despite network-adjacency requirement.

Authentication Bypass Nebula 300 Tenda F3 V2 0 Firmware
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

An unauthenticated credential disclosure vulnerability exists in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware (including Tenda F3 v2.0 rebranded variants) through version 12.01.01.37, allowing adjacent network attackers to retrieve the Base64-encoded administrator password without authentication. The recovered credentials enable full device authentication and privilege escalation, facilitating further compromise when combined with other firmware weaknesses. No active KEV listing or public POC availability is currently documented, though the CVSS 6.5 score reflects the significant confidentiality impact despite network-adjacency requirement.

Authentication Bypass Nebula 300 Tenda F3 V2 0 Firmware
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy