CVE-2026-31849

Publication date

2026-03-23 12:16:59

Family

TuranSec

State

PUBLISHED

Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing administrative endpoints. A remote attacker can induce an authenticated administrator to submit crafted requests that modify device settings, including security-relevant configuration, without the administrators intent.