CVE-2026-31849

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,2

Source: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: passive

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing administrative endpoints. A remote attacker can induce an authenticated administrator to submit crafted requests that modify device settings, including security-relevant configuration, without the administrator's intent.

352

Cross-Site Request Forgery (CSRF)

Stable

Abstraction: Compound Structure: Composite

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Non-Repudiation Access Control

Potential Impacts:

Gain Privileges Or Assume Identity Bypass Protection Mechanism Read Application Data Modify Application Data Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: Medium

View CWE Details

https://nexxt-connectivity-frontend.s3.amazonaws.com/media/…

https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.…

https://www.nexxtsolutions.com/connectivity/internal-produc…

https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/

CVE-2026-31849

Description

Cross-Site Request Forgery (CSRF)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter