Nexxt Solutions Nebula 300+ Unauthenticated Credential Disclosure Vulnerability

Vulnerability

An unauthenticated credential disclosure vulnerability has been identified in the Nexxt Solutions Nebula 300+ wireless router, firmware version Nebula300+_v12.01.01.37. The flaw resides in the /goform/ate endpoint: an adjacent attacker can obtain the administrator password in Base64-encoded form by sending a crafted HTTP request. Because Base64 is a reversible encoding, the extracted credential can be used to authenticate to the device, potentially leading to further compromise when combined with other existing weaknesses in the firmware.

Impact

Exploitation of this vulnerability allows unauthorized access to the device with administrative privileges. That access could then be used to exploit other vulnerabilities in the firmware, leading to a more significant compromise.
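A detection sketch for the endpoint described above, added here as an example and not taken from the advisory or the vendor. It scans HTTP records from a LAN sensor for requests that reached /goform/ate. The log schema, the sample records, the admin-host allowlist and the "200 with a body means answered" rule are all assumptions.

```python
import json
import posixpath
from urllib.parse import unquote

SENSITIVE_PATH = "/goform/ate"   # endpoint named in the advisory
ADMIN_HOSTS = {"192.168.0.10"}   # assumption: hosts expected to manage the router

# Constructed sample: JSON-lines HTTP records from a LAN sensor (hypothetical schema).
SAMPLE_LOG = "\n".join([
    '{"ts": "12:00:01", "src": "192.168.0.10", "uri": "/index.html", "status": 200, "resp_len": 5120}',
    '{"ts": "12:03:10", "src": "192.168.0.57", "uri": "/goform/ate", "status": 200, "resp_len": 96}',
    '{"ts": "12:03:12", "src": "192.168.0.57", "uri": "/goform//ate/?x=1", "status": 200, "resp_len": 96}',
    '{"ts": "12:04:40", "src": "192.168.0.88", "uri": "/GoForm/ATE", "status": 404, "resp_len": 0}',
    '{"ts": "12:09:00", "src": "192.168.0.10", "uri": "/goform/ate", "status": 200, "resp_len": 96}',
    'truncated record {"ts":',
])


def normalize_path(uri):
    """Reduce a request URI to a canonical path so spelling variants still match."""
    path = unquote(uri.split("?", 1)[0].split("#", 1)[0])
    # Lower-casing over-matches on purpose: a false positive is cheaper than a miss.
    return posixpath.normpath("/" + path.lstrip("/")).lower()


def find_ate_requests(log_text, admin_hosts=ADMIN_HOSTS):
    """Return one finding per request that reached the /goform/ate endpoint."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            path = normalize_path(rec["uri"])
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed or incomplete record
        if path != SENSITIVE_PATH:
            continue
        # Assumption: a 200 with a non-empty body means the device answered,
        # so the admin password should be treated as exposed to that source.
        answered = rec.get("status") == 200 and (rec.get("resp_len") or 0) > 0
        unexpected = rec.get("src") not in admin_hosts
        findings.append({"ts": rec.get("ts"), "src": rec.get("src"),
                         "severity": "high" if answered and unexpected else "review"})
    return findings


if __name__ == "__main__":
    for finding in find_ate_requests(SAMPLE_LOG):
        print(finding)
```

A "high" finding is the cue to rotate the administrator password and review what else that source reached on the device.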

Added: Mar 23, 2026, 12:18 PM
Updated: Mar 23, 2026, 12:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.9
remediation: 0.0
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.