CVE-2026-31851
Authentication Brute Force Vulnerability in Nexxt Nebula 300+ Firmware
Publication date: 2026-03-23
Last updated on: 2026-04-29
Assigner: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nexxtsolutions | nebula300plus_firmware | up to 12.01.01.37 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Nexxt Solutions Nebula 300+ firmware versions up to 12.01.01.37. The issue is that the device does not implement rate limiting or account lockout mechanisms on its authentication interface.
Without rate limiting or account lockout, an attacker can repeatedly attempt to authenticate without restriction, potentially enabling brute force attacks to guess passwords or gain unauthorized access.
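The control that CWE-307 says is missing can be shown in Python as a failed-attempt throttle with escalating lockout, tracked per account and per source address. This is an added example, not code from the Nexxt firmware or from this advisory; the names `LoginThrottle`, `attempt` and `check_password` and all thresholds are hypothetical.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failure counter with escalating lockout."""
    def __init__(self, max_failures=5, window=300, base_lockout=60, max_lockout=3600):
        self.max_failures, self.window = max_failures, window
        self.base_lockout, self.max_lockout = base_lockout, max_lockout
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._strikes = defaultdict(int)     # key -> lockouts triggered so far
        self._locked_until = {}              # key -> time the lockout ends

    @staticmethod
    def _keys(username, source_ip):
        # Count per account and per source: the first stops guessing spread over
        # many hosts, the second stops one host cycling through usernames.
        return (("user", username), ("ip", source_ip))

    def retry_after(self, username, source_ip, now):
        """Seconds until the next attempt is allowed (0 means allowed now)."""
        return max(max(0, self._locked_until.get(k, 0) - now)
                   for k in self._keys(username, source_ip))

    def record_failure(self, username, source_ip, now):
        for key in self._keys(username, source_ip):
            recent = self._failures[key]
            recent.append(now)
            while recent[0] <= now - self.window:  # drop failures outside the window
                recent.popleft()
            if len(recent) >= self.max_failures:
                self._strikes[key] += 1            # each repeat doubles the lockout
                delay = min(self.base_lockout * 2 ** (self._strikes[key] - 1),
                            self.max_lockout)
                self._locked_until[key] = now + delay
                recent.clear()

    def record_success(self, username):
        # A valid login resets the account's history; the source's is kept.
        self._failures.pop(("user", username), None)
        self._strikes.pop(("user", username), None)

def attempt(throttle, check_password, username, password, source_ip, now):
    """Return 'locked', 'ok' or 'denied'; check_password is caller-supplied."""
    if throttle.retry_after(username, source_ip, now) > 0:
        return "locked"  # refuse before the credential is even checked
    if check_password(username, password):
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(username, source_ip, now)
    return "denied"
```

On an embedded device the per-key tables would also need a size bound so that unknown usernames or spoofed sources cannot exhaust memory.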
How can this vulnerability impact me?
The lack of rate limiting and account lockout on the authentication interface can allow attackers to perform brute force attacks, which may lead to unauthorized access to the device.
Unauthorized access could compromise the security and integrity of the device and any network it is connected to, potentially leading to data breaches or further exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know