8.8
CVE-2026-31847
- EPSS 0.42%
- Published 23.03.2026 12:07:05
- Last modified 29.04.2026 17:46:52
- Source 309f9ea4-e3e9-4c6c-b79d-e8eb01
Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.
Data provided by the National Vulnerability Database (NVD)
Nexxtsolutions ≫ Nebula300plus Firmware Version <= 12.01.01.37
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.338 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c | 8.5 | 0 | 0 | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-912 Hidden Functionality
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip
https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/