Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-31846— Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+

CVSS 6.5 · Medium EPSS 0.05% · P16
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-31846

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+
Source: NVD (National Vulnerability Database)
Vulnerability Description
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameters such as Login_PW, which is Base64-encoded. An attacker can decode this value to obtain valid administrative credentials and authenticate to the device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nexxt Solutions Nebula 300+ 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nexxt Solutions Nebula 300+是美国Nexxt Solutions公司的一款无线路由器。 Nexxt Solutions Nebula 300+ 12.01.01.37及之前版本存在安全漏洞,该漏洞源于/goform/ate端点存在未经验证的凭据泄露,可能导致获取管理员密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Nexxt SolutionsNebula 300+ / Tenda F3 V2.0 Firmware <= 12.01.01.37 -

II. Public POCs for CVE-2026-31846

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-31846

登录查看更多情报信息。

Same Patch Batch · Nexxt Solutions · 2026-03-23 · 6 CVEs total

CVE-2026-31849Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+
CVE-2026-31847Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Neb
CVE-2026-31850Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+
CVE-2026-31848Reversible ecos_pw Cookie Allows Authentication Bypass in Nexxt Nebula 300+
CVE-2026-31851Lack of Rate Limiting Enables Brute-Force Attacks in Nexxt Nebula 300+

IV. Related Vulnerabilities

Same vendor: Nexxt Solutions
Same weakness: CWE-306

V. Comments for CVE-2026-31846

No comments yet

Leave a comment