CVE-2026-31848

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c

Attack Vector: adjacent

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecos_pw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gain unauthorized access to the device.

312

Cleartext Storage of Sensitive Information

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Technologies: Cloud Computing, ICS/OT, Mobile

View CWE Details

https://nexxt-connectivity-frontend.s3.amazonaws.com/media/…

https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.…

https://www.nexxtsolutions.com/connectivity/internal-produc…

https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/

CVE-2026-31848

Description

Cleartext Storage of Sensitive Information

Common Consequences

Applicable Platforms

Iscriviti alla newsletter