Vulnerability Description
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nexxtsolutions | Nebula300Plus Firmware | <= 12.01.01.37 |
| Nexxtsolutions | Nebula300Plus | - |
Related Weaknesses (CWE)
References
- https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.0Product
- https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/Product
FAQ
What is CVE-2026-31851?
CVE-2026-31851 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authenti...
How severe is CVE-2026-31851?
CVE-2026-31851 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-31851?
Check the references section above for vendor advisories and patch information. Affected products include: Nexxtsolutions Nebula300Plus Firmware, Nexxtsolutions Nebula300Plus.