CVE-2026-31846
Deferred Deferred - Pending Action
Credential Disclosure in Nexxt Nebula300+ via /goform/ate Endpoint

Publication date: 2026-03-23

Last updated on: 2026-05-19

Assigner: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c

Description
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameters such as Login_PW, which is Base64-encoded. An attacker can decode this value to obtain valid administrative credentials and authenticate to the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31846
EUVD
EUVD-2026-14402
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nexxt_solutions nebula_300+ 12.01.01.37
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated credential disclosure issue found in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware versions up to Nebula300+_v12.01.01.37.

An attacker who is adjacent to the device (on the same network segment) can send a specially crafted HTTP request to this endpoint and obtain the administrator password in Base64-encoded form without needing to authenticate.

Once the attacker recovers the administrator credential, they can use it to log into the device and potentially carry out further attacks by exploiting other weaknesses in the firmware.

Impact Analysis

The impact of this vulnerability is that an attacker on the same network can gain unauthorized access to the administrator account of the affected device.

With the administrator password, the attacker can authenticate to the device, which may allow them to change configurations, intercept network traffic, or exploit additional vulnerabilities present in the firmware.

This can lead to a compromise of the device's security and potentially the broader network it is connected to.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the /goform/ate endpoint on Nexxt Solutions Nebula 300+ devices. An attacker sends a crafted HTTP request to this endpoint to retrieve the administrator password in Base64-encoded form.

To detect attempts or exploitation, you can capture and analyze network traffic for HTTP requests targeting the /goform/ate endpoint from adjacent network sources.

Example commands to detect such activity include using packet capture tools like tcpdump or Wireshark:

  • tcpdump -i <interface> 'tcp port 80 and (((ip src <adjacent_network>) and (tcp[32:4] = 0x2f676f66)) or (tcp[((tcp[12] & 0xf0) >> 2):4] = 0x2f676f66))'
  • In this command, '0x2f676f66' is the hex representation of '/gof' (start of '/goform/ate'), and <interface> and <adjacent_network> should be replaced with your network interface and adjacent network IP range respectively.

Alternatively, you can use web server logs or intrusion detection systems to look for HTTP requests to /goform/ate endpoint without authentication.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable device's management interface to trusted networks only, especially blocking access from adjacent networks where possible.

Since the vulnerability allows unauthenticated disclosure of administrator credentials via the /goform/ate endpoint, disabling or restricting access to this endpoint can help mitigate the risk.

Additionally, changing the administrator password after any suspected compromise is recommended.

Monitoring for unusual HTTP requests to the /goform/ate endpoint and applying network segmentation to limit exposure can also reduce the attack surface.

Finally, check for firmware updates from Nexxt Solutions that address this vulnerability and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31846. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart