{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T06:50:09.464","vulnerabilities":[{"cve":{"id":"CVE-2026-31850","sourceIdentifier":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","published":"2026-03-23T13:16:30.807","lastModified":"2026-04-29T17:39:51.817","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information."},{"lang":"es","value":"El firmware de Nexxt Solutions Nebula 300+ hasta la versión 12.01.01.37 almacena información sensible, incluyendo credenciales administrativas y claves precompartidas de WiFi, en texto plano dentro de los archivos de copia de seguridad de configuración exportados."}],"metrics":{"cvssMetricV40":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","type":"Secondary","description":[{"lang":"en","value":"CWE-256"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:nexxtsolutions:nebula300plus_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"12.01.01.37","matchCriteriaId":"D55E0FD8-9ADB-423B-A23F-64F41F9DD40B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:nexxtsolutions:nebula300plus:-:*:*:*:*:*:*:*","matchCriteriaId":"F9AA93D2-E1BA-4EFC-8760-BF366CF6474D"}]}]}],"references":[{"url":"https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","tags":["Product"]},{"url":"https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/","source":"309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c","tags":["Product"]}]}}]}