Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-31847
PUBLISHED
More InfoOfficial Page
Assigner-TuranSec
Assigner Org ID-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
View Known Exploited Vulnerability (KEV) details
Published At-23 Mar, 2026 | 12:07
Updated At-26 Mar, 2026 | 10:52
Rejected At-
▼CVE Numbering Authority (CNA)
Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system.

Affected Products
Vendor
Nexxt Solutions
Product
Nebula 300+
Default Status
unaffected
Versions
Affected
  • From <= 12.01.01.37 through Nebula300+_v12.01.01.37 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-912CWE-912 Hidden Functionality
Type: CWE
CWE ID: CWE-912
Description: CWE-912 Hidden Functionality
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
N/AAn attacker who can invoke the affected functionality can enable a privileged Telnet service remotely, exposing a diagnostic management interface and enabling further compromise of the device.
CAPEC ID: N/A
Description: An attacker who can invoke the affected functionality can enable a privileged Telnet service remotely, exposing a diagnostic management interface and enabling further compromise of the device.
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Angel Barre (call4pwn)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/
N/A
https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip
N/A
Hyperlink: https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/
Resource: N/A
Hyperlink: https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found