cvedb.io
CVE-2026-31850
MEDIUM · CVSS 4.9
EPSS exploitation probability: 0%
Published 2026-03-23T13:16:30.807 · Last modified 2026-06-17T10:34:37.757

Summary

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information.

Affected products

nexxtsolutions — nebula300plus_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when nexxtsolutions ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.