CVE-2026-31847
Published: Mar 23, 2026
Modified: Mar 26, 2026
Description
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.
| Vendor | Product | Versions |
|---|---|---|
Nexxt Solutions | Nebula 300+ | affected <= 12.01.01.37 - <= Nebula300+_v12.01.01.37 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now