CVE-2026-31849

Published: Mar 23, 2026

Modified: Mar 26, 2026

PUBLISHED

Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.

Vendor: Nexxt Solutions

Product: Nebula 300+

Versions: affected, <= 12.01.01.37

Weaknesses (CWE)
