CVE-2026-31850

EPSS 0.18%
Veröffentlicht 23.03.2026 12:21:41
Zuletzt bearbeitet 29.04.2026 17:39:51
Quelle 309f9ea4-e3e9-4c6c-b79d-e8eb01
CVE-Watchlists
Login
Unerledigt
Login

Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nexxtsolutions ≫ Nebula300plus Firmware Version <= 12.01.01.37

Nexxtsolutions ≫ Nebula300plus Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.074

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c	6.8	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-256 Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip

Product

https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/

Product

https://nvd.nist.gov/vuln/detail/CVE-2026-31850

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31850

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31850

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31850