CVE-2026-31850

UNKNOWN 0.0

Plaintext Storage of Credentials in Configuration Backup in Nexxt Nebula 300+

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

2th

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information.

CWE	CWE-256
Vendor	nexxt solutions
Product	nebula 300+
Published	Mar 23, 2026
Last Updated	Mar 26, 2026

Stay Ahead of the Next One

Get instant alerts for nexxt solutions nebula 300+

Be the first to know when new unknown vulnerabilities affecting nexxt solutions nebula 300+ are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Nexxt Solutions / Nebula 300+

<= 12.01.01.37

References

NVD ↗ CVE.org ↗ EPSS Data ↗

nexxtsolutions.com: https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/ nexxt-connectivity-frontend.s3.amazonaws.com: https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip

Credits

Angel Barre (call4pwn)