CVE-2026-31851

Lack of Rate Limiting Enables Brute-Force Attacks in Nexxt Nebula 300+

CVSS 7.7 HIGHEPSS 0.3%CWE-307

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

23 mar 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction.

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Nexxt Solutions · Nebula 300+

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/