CVE-2026-31851

EPSS 0.33%
Veröffentlicht 23.03.2026 12:21:54
Zuletzt bearbeitet 29.04.2026 17:37:36
Quelle 309f9ea4-e3e9-4c6c-b79d-e8eb01
CVE-Watchlists
Login
Unerledigt
Login

Lack of Rate Limiting Enables Brute-Force Attacks in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nexxtsolutions ≫ Nebula300plus Firmware Version <= 12.01.01.37

Nexxtsolutions ≫ Nebula300plus Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.249

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c	7.7	0	0	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip

Product

https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/

Product

https://nvd.nist.gov/vuln/detail/CVE-2026-31851

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31851

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31851

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31851