← volver
CVE-2026-31849

Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+

CVSS 7.2 HIGHEPSS 0.1%CWE-352
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Nexxt Solutions · Nebula 300+

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.ziphttps://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/