Description
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameters such as Login_PW, which is Base64-encoded. An attacker can decode this value to obtain valid administrative credentials and authenticate to the device.
Published: 2026-03-23
Score: 7.1 (High)
EPSS: < 1% (Very Low)
KEV: No
Impact: Credential Disclosure
Action: Immediate Patch
AI Analysis

Impact

The flaw in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware is a missing authentication requirement, categorised as CWE-306. An adjacent attacker who can reach the device can submit a request to that endpoint and receive a raw response that contains configuration parameters, including the Login_PW field encoded in Base64. Decoding that value reveals the active administrator password, giving the attacker full control of the device and the ability to modify or disable it or to exfiltrate data.

Affected Systems

The vulnerability affects Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 and devices running Tenda F3 V2.0 firmware. Any deployment of these products installed on a local network is susceptible.

Risk and Exploitability

With a CVSS score of 7.1, the vulnerability is classified as high severity. The EPSS score is below 1%, and it is not listed in CISA’s Known Exploited Vulnerabilities catalog. The attack vector is an adversary on the local (adjacent) network who can reach the device; exploitation requires only network connectivity and no privileged credentials. Once the attacker reaches the endpoint, the disclosed information can be used directly to authenticate and gain administrative control.

Generated by OpenCVE AI on March 26, 2026 at 13:29 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version that removes unauthenticated access to the /goform/ate endpoint.
  • If a firmware update is not yet available, block or restrict access to the /goform/ate endpoint using firewall rules or network segmentation so that only trusted internal hosts can reach the device.
  • Enable device logging and monitor for requests to the /goform/ate endpoint to detect potential exploitation attempts.
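
A detection check for the monitoring step above, as an added example that is not part of the OpenCVE page or of any vendor tooling: it parses constructed HTTP access-log lines (assumed to come from a reverse proxy in front of the device or from the device's own logging, in Common Log Format) and alerts on every non-allowlisted source that received a 200 from /goform/ate. The allowlist, the log format and the sample lines are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample log lines (Common Log Format), not taken from the page.
SAMPLE_LOG = """\
192.168.1.10 - - [26/Mar/2026:13:01:02 +0000] "GET /login.html HTTP/1.1" 200 1532
192.168.1.77 - - [26/Mar/2026:13:01:09 +0000] "GET /goform/ate HTTP/1.1" 200 412
192.168.1.10 - - [26/Mar/2026:13:02:41 +0000] "POST /goform/ate HTTP/1.1" 200 412
192.168.1.77 - - [26/Mar/2026:13:03:15 +0000] "GET /goform/ate?x=1 HTTP/1.1" 200 412
10.0.5.4 - - [26/Mar/2026:13:04:00 +0000] "GET /index.html HTTP/1.1" 200 900
"""

# Assumed allowlist: the only hosts that should ever touch the management UI.
TRUSTED_ADMIN_NETS = [ip_network("192.168.1.10/32")]
SENSITIVE_ENDPOINT = "/goform/ate"
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def is_trusted(ip):
    try:
        return any(ip_address(ip) in net for net in TRUSTED_ADMIN_NETS)
    except ValueError:  # malformed address field: treat as untrusted
        return False

def find_ate_requests(log_text):
    """Every request whose path, ignoring the query string, is /goform/ate."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"].split("?", 1)[0] == SENSITIVE_ENDPOINT:
            rec["trusted"] = is_trusted(rec["ip"])
            hits.append(rec)
    return hits

def alerts(log_text):
    """Untrusted sources that got a 200 (the raw parameter dump) from /goform/ate, with counts."""
    return dict(Counter(h["ip"] for h in find_ate_requests(log_text)
                        if not h["trusted"] and h["status"] == 200))
```

Any non-zero result from alerts() is worth treating as a probable credential disclosure until the firewall rule or firmware update from the preceding steps is in place.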

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 11:00:00 +0000

Type: Description
  Removed: An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware through Nebula300+_v12.01.01.37 allows an adjacent attacker to obtain the administrator password in Base64-encoded form via a crafted HTTP request. The recovered credential can be used to authenticate to the device and facilitates further compromise when combined with other weaknesses present in the firmware.
  Added: Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameters such as Login_PW, which is Base64-encoded. An attacker can decode this value to obtain valid administrative credentials and authenticate to the device.
Type: Title
  Removed: Unauthenticated Credential Disclosure in Nebula 300+ Firmware
  Added: Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+

Wed, 25 Mar 2026 15:00:00 +0000

Type: Title
  Added: Unauthenticated Credential Disclosure in Nebula 300+ Firmware

Tue, 24 Mar 2026 10:45:00 +0000

Type: First Time appeared
  Added: Nexxtsolutions; Nexxtsolutions nebula300+
Type: Vendors & Products
  Added: Nexxtsolutions; Nexxtsolutions nebula300+

Mon, 23 Mar 2026 16:15:00 +0000

Type: Metrics
  Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 12:15:00 +0000

Type: Description
  Added: An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware through Nebula300+_v12.01.01.37 allows an adjacent attacker to obtain the administrator password in Base64-encoded form via a crafted HTTP request. The recovered credential can be used to authenticate to the device and facilitates further compromise when combined with other weaknesses present in the firmware.
Type: Weaknesses
  Added: CWE-306
Type: References
Type: Metrics
  Added: cvssV2_0 {'score': 6.1, 'vector': 'AV:A/AC:L/Au:N/C:C/I:N/A:N'}
  Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  Added: cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: TuranSec

Published:

Updated: 2026-03-26T10:44:33.160Z

Reserved: 2026-03-09T18:20:23.399Z

Link: CVE-2026-31846

Vulnrichment

Updated: 2026-03-23T15:07:14.396Z

NVD

Status: Awaiting Analysis

Published: 2026-03-23T12:16:07.267

Modified: 2026-03-26T11:16:20.290

Link: CVE-2026-31846

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T13:55:21Z

Weaknesses