Description
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.
Published: 2026-03-23
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

The vulnerability arises from hidden functionality in the /goform/setSysTools endpoint of Nexxt Solutions Nebula 300+ firmware versions up to 12.01.01.37. An authenticated attacker can send a crafted POST request that turns on a Telnet service on port 23, exposing a privileged diagnostic interface that is meant for internal use only. This flaw is classified as CWE-912 (Hidden Functionality) and effectively provides remote code execution or privileged command execution capabilities to anyone who can authenticate to the device.

Affected Systems

This issue affects Nexxt Solutions Nebula 300+ devices running firmware versions 12.01.01.37 and earlier. The affected system is the Nebula 300+ network gateway, which typically serves as a local management point for connectivity infrastructure.

Risk and Exploitability

The vulnerability has a CVSS score of 8.5, indicating high severity. The EPSS score is below 1%, implying that current exploit prevalence is low, and the vulnerability is not on the CISA Known Exploited Vulnerabilities list. Attackers need valid credentials to reach the endpoint, so exploitation requires prior access or credential compromise; once authenticated, the attacker can activate Telnet with a simple POST request. The risk is elevated when the Nebula device is exposed to untrusted networks, as the enabled Telnet service opens a channel for arbitrary command execution.

Generated by OpenCVE AI on March 26, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to a firmware version that removes the hidden Telnet activation capability.
  • If no update is available, block external access to the web interface and the /goform/setSysTools endpoint.
  • Disable the Telnet service in the device settings to prevent remote activation.
  • Enforce strong, unique credentials for device management and consider implementing multi‑factor authentication.
  • Monitor system logs for any changes to the Telnet service state and investigate suspicious activity.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 18:00:00 +0000

Type: First Time appeared
Values Added: Nexxtsolutions nebula300plus; Nexxtsolutions nebula300plus Firmware

Type: CPEs
Values Added:
cpe:2.3:h:nexxtsolutions:nebula300plus:-:*:*:*:*:*:*:*
cpe:2.3:o:nexxtsolutions:nebula300plus_firmware:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Nexxtsolutions nebula300plus; Nexxtsolutions nebula300plus Firmware

Type: Metrics
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 26 Mar 2026 11:15:00 +0000

Type: Metrics
Values Removed: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
Values Added: cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Thu, 26 Mar 2026 11:00:00 +0000

Type: Description
Values Removed: Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface and enabling further compromise of the device.
Values Added: Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.

Type: Title
Values Removed: Hidden functionality allows remote Telnet enablement in Nexxt Nebula 300+
Values Added: Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+

Type: Metrics
Values Removed: cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
Values Added: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Tue, 24 Mar 2026 10:45:00 +0000

Type: First Time appeared
Values Added: Nexxtsolutions; Nexxtsolutions nebula300+

Type: Vendors & Products
Values Added: Nexxtsolutions; Nexxtsolutions nebula300+

Mon, 23 Mar 2026 16:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 12:45:00 +0000

Type: Description
Values Added: Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface and enabling further compromise of the device.

Type: Title
Values Added: Hidden functionality allows remote Telnet enablement in Nexxt Nebula 300+

Type: Weaknesses
Values Added: CWE-912

Type: References

Type: Metrics
Values Added: cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TuranSec

Published:

Updated: 2026-03-26T10:52:50.115Z

Reserved: 2026-03-09T18:20:23.399Z

Link: CVE-2026-31847

Vulnrichment

Updated: 2026-03-23T15:16:38.580Z

NVD

Status: Analyzed

Published: 2026-03-23T13:16:30.320

Modified: 2026-04-29T17:46:52.740

Link: CVE-2026-31847

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T13:55:20Z

Weaknesses