Description
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints.
Published: 2026-03-23
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

The Nebula 300+ firmware uses an ecos_pw cookie that stores Base64‑encoded credential data with a static suffix. Because the encoding is reversible and the cookie lacks integrity checks, an attacker can create a valid cookie without authenticating. Submitting such a forged cookie allows the attacker to gain administrative access to protected endpoints, threatening confidentiality, integrity, and availability of the device.

Affected Systems

All Nexxt Solutions Nebula 300+ units running firmware version 12.01.01.37 or earlier are vulnerable to this flaw. The issue is contained within the firmware of this product family and any installation with a version equal to or older than 12.01.01.37 must be examined.

Risk and Exploitability

The CVSS score of 8.7 rates this vulnerability as high. The EPSS of less than 1% indicates that exploitation is currently unlikely, and it is not listed in the CISA KEV catalog. The likely attack vector is remote: an attacker can craft a valid ecos_pw cookie and send it to any reachable Nebula 300+ device, bypassing authentication without requiring local access or additional privileges.

Generated by OpenCVE AI on March 26, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Nebula 300+ firmware update that removes reliance on the reversible ecos_pw cookie
  • Restrict network access to the device’s administrative interfaces to trusted IP ranges while the patch is applied
  • Verify the firmware version after updating and monitor for further vendor patches

Generated by OpenCVE AI on March 26, 2026 at 12:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 11:00:00 +0000

Type Values Removed Values Added
Description Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecos_pw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gain unauthorized access to the device. Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints.
Title Reversible ecos_pw cookie allows administrative authentication in Nexxt Nebula 300+ Reversible ecos_pw Cookie Allows Authentication Bypass in Nexxt Nebula 300+

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Nexxtsolutions
Nexxtsolutions nebula300+
Vendors & Products Nexxtsolutions
Nexxtsolutions nebula300+

Mon, 23 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 12:45:00 +0000

Type Values Removed Values Added
Description Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecos_pw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gain unauthorized access to the device.
Title Reversible ecos_pw cookie allows administrative authentication in Nexxt Nebula 300+
Weaknesses CWE-312
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nexxtsolutions Nebula300+
cve-icon MITRE

Status: PUBLISHED

Assigner: TuranSec

Published:

Updated: 2026-03-26T10:45:19.121Z

Reserved: 2026-03-09T18:20:23.399Z

Link: CVE-2026-31848

cve-icon Vulnrichment

Updated: 2026-03-23T15:16:35.967Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-23T13:16:30.490

Modified: 2026-03-26T11:16:20.677

Link: CVE-2026-31848

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T13:55:19Z

Weaknesses