Nexxt Solutions Nebula 300+ CSRF Vulnerability in Administrative Endpoints
Vulnerability
A vulnerability exists in Nexxt Solutions Nebula 300+ routers running firmware through version 12.01.01.37, where cross-site request forgery (CSRF) protections are not applied to state-changing administrative endpoints. This flaw allows remote attackers to trick authenticated administrators into sending modified requests that change device settings, including important security configurations, without the administrators' knowledge.
Impact
Exploitation of this vulnerability could lead to unauthorized changes in device settings, potentially allowing attackers to manipulate security-related configurations.
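An added example, not code from the vendor firmware or from this advisory: a minimal server-side gate of the kind the description says is missing, requiring a same-origin check and a session-bound token on every state-changing request. The function names, the `csrf_token` field, and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SERVER_KEY = secrets.token_bytes(32)  # assumption: per-boot secret held by the device


def issue_token(session_id: str) -> str:
    """Token bound to one admin session; the device embeds it in the forms it serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (Referer as fallback) names the host being addressed."""
    host = headers.get("Host", "").lower()
    source = headers.get("Origin") or headers.get("Referer") or ""
    netloc = urlsplit(source).netloc.lower()
    return bool(host) and netloc == host  # missing or "null" Origin fails closed


def allow_request(method: str, headers: dict, session_id: str, form: dict) -> bool:
    """Gate for an administrative handler: reads pass, writes need both checks."""
    if method.upper() in SAFE_METHODS:
        return True
    if not same_origin(headers):
        return False
    supplied = str(form.get("csrf_token", "")).encode()
    return hmac.compare_digest(supplied, issue_token(session_id).encode())


def demo() -> dict:
    """Constructed requests (addresses, session id and field names are made up)."""
    sid = "sess-constructed-01"
    own = {"Host": "192.168.0.1", "Origin": "http://192.168.0.1"}
    foreign = {"Host": "192.168.0.1", "Origin": "http://other.example"}
    good = {"dns": "192.0.2.53", "csrf_token": issue_token(sid)}
    return {
        "legit_write": allow_request("POST", own, sid, good),
        "cross_site_write": allow_request("POST", foreign, sid, good),
        "same_origin_no_token": allow_request("POST", own, sid, {"dns": "192.0.2.53"}),
        "no_origin_header": allow_request("POST", {"Host": "192.168.0.1"}, sid, good),
        "read_only": allow_request("GET", foreign, sid, {}),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first and last constructed requests are allowed; a write is rejected when either the origin check or the token check fails.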
