← back
CVE-2026-31851

Lack of Rate Limiting Enables Brute-Force Attacks in Nexxt Nebula 300+

CVSS 7.7 HIGHEPSS 0.3%CWE-307
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction.
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Nexxt Solutions · Nebula 300+

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.ziphttps://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/