Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+
Vulnerability Description
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameters such as Login_PW, which is Base64-encoded. An attacker can decode this value to obtain valid administrative credentials and authenticate to the device.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Nexxt Solutions Nebula 300+ 安全漏洞
Vulnerability Description
Nexxt Solutions Nebula 300+是美国Nexxt Solutions公司的一款无线路由器。 Nexxt Solutions Nebula 300+ 12.01.01.37及之前版本存在安全漏洞,该漏洞源于/goform/ate端点存在未经验证的凭据泄露,可能导致获取管理员密码。
CVSS Information
N/A
Vulnerability Type
N/A