Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-31850
PUBLISHED
More InfoOfficial Page
Assigner-TuranSec
Assigner Org ID-309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
View Known Exploited Vulnerability (KEV) details
Published At-23 Mar, 2026 | 12:21
Updated At-26 Mar, 2026 | 10:46
Rejected At-
▼CVE Numbering Authority (CNA)
Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information.

Affected Products
Vendor
Nexxt Solutions
Product
Nebula 300+
Default Status
unaffected
Versions
Affected
  • <= 12.01.01.37
Problem Types
TypeCWE IDDescription
CWECWE-256CWE-256 Plaintext Storage of a Password
Type: CWE
CWE ID: CWE-256
Description: CWE-256 Plaintext Storage of a Password
Metrics
VersionBase scoreBase severityVector
4.06.8MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
N/AAn attacker who obtains a configuration backup file can extract administrative credentials and WiFi pre-shared keys in plaintext.
CAPEC ID: N/A
Description: An attacker who obtains a configuration backup file can extract administrative credentials and WiFi pre-shared keys in plaintext.
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Angel Barre (call4pwn)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/
N/A
https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip
N/A
Hyperlink: https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/
Resource: N/A
Hyperlink: https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found