CVE-2026-31847

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip	Product
https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nexxtsolutions:nebula300plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:nexxtsolutions:nebula300plus:-:*:*:*:*:*:*:*

History

29 Apr 2026, 17:46

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Nexxtsolutions nebula300plus Firmware Nexxtsolutions Nexxtsolutions nebula300plus
CPE		cpe:2.3:o:nexxtsolutions:nebula300plus_firmware:::::::: cpe:2.3:h:nexxtsolutions:nebula300plus:-:::::::*
References	~~() https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip -~~	() https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip - Product
References	~~() https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/ -~~	() https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/ - Product

26 Mar 2026, 11:16

Type	Values Removed	Values Added
Summary		(es) Funcionalidad oculta en el endpoint /goform/setSysTools en el firmware de Nexxt Solutions Nebula 300+ hasta la versión 12.01.01.37 permite la habilitación remota de un servicio Telnet. Una vez habilitado, el servicio expone una interfaz de gestión de diagnóstico privilegiada a través de la red, aumentando la superficie de ataque y permitiendo un compromiso adicional del dispositivo.
Summary	(en) Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface and enabling further compromise of the device.	(en) Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.

23 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-23 13:16

Updated : 2026-04-29 17:46

NVD link : CVE-2026-31847

Mitre link : CVE-2026-31847

CVE.ORG link : CVE-2026-31847

JSON object : View

Products Affected

nexxtsolutions

nebula300plus
nebula300plus_firmware

CWE

CWE-912

Hidden Functionality

8.8 /10