CVE-2026-31850 MEDIUM

CVE-2026-31850: Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+

Vendor Nexxt Solutions
Product Nebula 300+
Weakness CWE-256
Published March 23, 2026
Last update March 26, 2026

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information.

Key dates

02Disclosure timeline

March 23, 2026 CVE published
March 26, 2026 Record updated