HIGH
Nexxt Solutions
CVE published 2026-03-23
CVE-2026-31846
A missing authentication vulnerability in Nexxt Solutions Nebula 300+ wireless routers allows adjacent unauthenticated attackers to retrieve administrative credentials. The /goform/ate endpoint returns device configuration data including a Base64-encoded administrator password (Login_PW parameter) without requiring authentication. Successful exploitation grants full administrative access to the device. Th [truncated]