{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31849", "assignerOrgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "state": "PUBLISHED", "assignerShortName": "TuranSec", "dateReserved": "2026-03-09T18:20:23.399Z", "datePublished": "2026-03-23T12:16:59.624Z", "dateUpdated": "2026-03-26T10:45:40.996Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "shortName": "TuranSec", "dateUpdated": "2026-03-26T10:45:40.996Z"}, "title": "Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "A remote attacker can cause an authenticated administrator's browser to send forged state-changing requests, resulting in unauthorized configuration changes."}]}], "affected": [{"vendor": "Nexxt Solutions", "product": "Nebula 300+", "versions": [{"status": "affected", "version": "<= 12.01.01.37"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator\u2019s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as <code>/goform/setSysTools</code> and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator\u2019s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings."}]}], "references": [{"url": "https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/", "name": "Official product page"}, {"url": "https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip", "name": "Firmware download"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Angel Barre (call4pwn)", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:17:48.215554Z", "id": "CVE-2026-31849", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:51:53.375Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31849", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T15:17:48.215554Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:17:49.181Z"}}], "cna": {"title": "Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Angel Barre (call4pwn)"}], "impacts": [{"descriptions": [{"lang": "en", "value": "A remote attacker can cause an authenticated administrator's browser to send forged state-changing requests, resulting in unauthorized configuration changes."}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Nexxt Solutions", "product": "Nebula 300+", "versions": [{"status": "affected", "version": "<= 12.01.01.37"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/", "name": "Official product page"}, {"url": "https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip", "name": "Firmware download"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator\u2019s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.", "supportingMedia": [{"type": "text/html", "value": "Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as <code>/goform/setSysTools</code> and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator\u2019s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "shortName": "TuranSec", "dateUpdated": "2026-03-26T10:45:40.996Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31849", "state": "PUBLISHED", "dateUpdated": "2026-03-26T10:45:40.996Z", "dateReserved": "2026-03-09T18:20:23.399Z", "assignerOrgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "datePublished": "2026-03-23T12:16:59.624Z", "assignerShortName": "TuranSec"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator\u2019s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings."}, {"lang": "es", "value": "El firmware de Nexxt Solutions Nebula 300+ hasta la versi\u00f3n 12.01.01.37 no implementa protecciones CSRF en los endpoints administrativos que cambian el estado. Un atacante remoto puede inducir a un administrador autenticado a enviar solicitudes manipuladas que modifican la configuraci\u00f3n del dispositivo, incluyendo la configuraci\u00f3n relevante para la seguridad, sin la intenci\u00f3n del administrador."}], "id": "CVE-2026-31849", "lastModified": "2026-03-26T11:16:20.827", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "type": "Secondary"}]}, "published": "2026-03-23T13:16:30.640", "references": [{"source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "url": "https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip"}, {"source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "url": "https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/"}], "sourceIdentifier": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,12.01.01.37]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Nebula 300+", "source": "cna", "vendor": "Nexxt Solutions"}, "product": "nebula300+", "vendor": "nexxtsolutions"}], "analysis": {"en": {"generated_at": "2026-03-26T12:22:25.669167+00:00", "value": {"mitigation_remediation": ["Verify the current firmware version on each Nebula 300+ device", "Download the latest firmware release from the Nexxt Solutions official site", "Apply the firmware upgrade following the vendor\u2019s documented procedures", "Confirm that CSRF protections are active on administrative endpoints after the update", "Continuously monitor configuration changes and restrict administrative access to trusted IP addresses"], "summary": {"action": "Apply Update", "impact": "Unauthorized configuration changes via CSRF in administrative interfaces"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Nexxt Solutions Nebula 300+ product line, specifically firmware releases up to version 12.01.01.37. Devices running any of these firmware versions are susceptible.", "description_and_impact": "Nexxt Solutions Nebula 300+ firmware versions up to 12.01.01.37 lack CSRF protection on admin endpoints such as /goform/setSysTools. An attacker who succeeds in inducing an authenticated administrator\u2019s browser to send forged requests can change configuration settings, enabling services or altering system parameters without the user\u2019s knowledge.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a moderate to high impact; the EPSS score is below 1%, and the issue is not listed in the CISA KEV catalog. Although no exploit has been observed, the attack vector is inferred to be web\u2011based, relying on CSRF to manipulate an authenticated administrator session. With the correct conditions, an attacker could alter configuration to a detrimental state."}}}}, "created": "2026-03-24T10:34:38.354893+00:00", "updated": "2026-03-26T13:55:18.628016+00:00", "vendors": ["nexxtsolutions", "nexxtsolutions$PRODUCT$nebula300+"]}