CVE-2026-31847 PUBLISHED

Hidden functionality allows remote Telnet enablement in Nexxt Nebula 300+

Assigner: TuranSec
Reserved: 09.03.2026 Published: 23.03.2026 Updated: 23.03.2026

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface and enabling further compromise of the device.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Adjacent	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

Product Status

Vendor	Nexxt Solutions
Product	Nebula 300+
Versions	Default: unaffected affected from <= 12.01.01.37 to Nebula300+_v12.01.01.37 (incl.)

Credits

Angel Barre (call4pwn) finder

References

Problem Types

CWE-912 Hidden Functionality CWE

Impacts

An attacker who can invoke the affected functionality can enable a privileged Telnet service remotely, exposing a diagnostic management interface and enabling further compromise of the device.