CVE-2026-31846: CWE-306 Missing Authentication for Critical Function in Nexxt Solutions Nebula 300+ / Tenda F3 V2.0 Firmware

High
Published: Mon Mar 23 2026 (03/23/2026, 12:00:42 UTC)
Source: CVE Database V5
Vendor/Project: Nexxt Solutions
Product: Nebula 300+ / Tenda F3 V2.0 Firmware

Description

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing parameters such as Login_PW, which is Base64-encoded. An attacker can decode this value to obtain valid administrative credentials and authenticate to the device.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/30/2026, 20:10:41 UTC

Technical Analysis

CVE-2026-31846 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting Nexxt Solutions Nebula 300+ and Tenda F3 V2.0 routers running firmware versions up to 12.01.01.37. The flaw resides in the /goform/ate HTTP endpoint, which lacks any authentication controls, allowing an attacker on the same local network or adjacent network segment to send requests and receive sensitive device information. The response includes parameters such as Login_PW, which contains the administrator password encoded in Base64. Since Base64 encoding is reversible, an attacker can easily decode this value to obtain valid administrative credentials. With these credentials, the attacker can fully authenticate to the device’s management interface, enabling them to change configurations, intercept traffic, or launch further attacks. The vulnerability requires no privileges, no user interaction, and has a low attack complexity, but does require network adjacency, limiting remote exploitation. The CVSS 4.0 score of 7.1 reflects the high confidentiality impact and ease of exploitation within the local network. No patches or official fixes are currently linked, and no exploits have been reported in the wild, but the risk remains significant due to the sensitive nature of the exposed credentials.

Potential Impact

The primary impact of this vulnerability is the compromise of device confidentiality and integrity. An attacker gaining administrative credentials can fully control the router, potentially intercepting or redirecting network traffic, disabling security features, or deploying persistent malware. This can lead to data breaches, network downtime, and lateral movement within organizational networks. Small offices and home users relying on these devices are particularly vulnerable, as they may lack additional network segmentation or monitoring. The absence of authentication on a critical endpoint exposes the device to easy credential theft, increasing the risk of widespread compromise if exploited in environments with many such devices. Although remote exploitation is limited by the adjacency requirement, attackers who gain local network access—via Wi-Fi or compromised devices—can leverage this flaw to escalate privileges and control the network gateway.

Mitigation Recommendations

Organizations and users should immediately verify their device firmware version and upgrade to a version beyond 12.01.01.37 once available from Nexxt Solutions or Tenda. Until patches are released, network administrators should restrict access to the device management interface by implementing strict network segmentation, such as isolating router management interfaces on separate VLANs accessible only to trusted administrators. Disabling remote management features and restricting Wi-Fi access to trusted users can reduce the risk of local network attackers. Monitoring network traffic for unusual requests to the /goform/ate endpoint may help detect exploitation attempts. Additionally, changing default passwords and using strong, unique credentials can limit the impact if credentials are exposed. Vendors should be urged to release firmware updates promptly and provide clear guidance to users. Employing network intrusion detection systems (NIDS) that can identify suspicious local network scanning or credential extraction attempts can further enhance defense.
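The monitoring recommendation above, sketched as an added example (not part of the CVE record or any vendor tooling): it scans HTTP logs for requests that resolve to /goform/ate and separates answered requests from probes. It assumes combined-log-format lines from a LAN sensor or proxy that sees traffic to the router; the function names and sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: combined-log-format lines from a LAN sensor or proxy that sees
# HTTP traffic to the router; this is not the router's own log format.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
SENSITIVE_PATH = "/goform/ate"  # endpoint named in the advisory


def normalize_path(target):
    """Drop the query string, decode %-escapes, collapse slashes and dot segments."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower()


def find_ate_requests(lines):
    """Return one alert per logged request whose path resolves to /goform/ate."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or normalize_path(m["target"]) != SENSITIVE_PATH:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 200 with a body means the device answered, so the reply may have
        # carried Login_PW: treat the admin password as exposed to that host.
        verdict = "exposed" if status == 200 and size > 0 else "probe"
        alerts.append({"src": m["src"], "time": m["ts"], "status": status, "verdict": verdict})
    return alerts


def exposed_sources(alerts):
    """Hosts that received an answered response and should be investigated first."""
    return sorted({a["src"] for a in alerts if a["verdict"] == "exposed"})


# Constructed sample lines: addresses, sizes and the non-/goform/ate paths are made up.
SAMPLE_LOG = [
    '192.168.0.23 - - [30/Mar/2026:20:01:12 +0000] "GET /goform/ate HTTP/1.1" 200 412',
    '192.168.0.23 - - [30/Mar/2026:20:01:15 +0000] "GET /login.html HTTP/1.1" 200 2048',
    '192.168.0.57 - - [30/Mar/2026:20:04:40 +0000] "GET /goform/ate/?t=1 HTTP/1.1" 200 412',
    '192.168.0.88 - - [30/Mar/2026:20:09:02 +0000] "GET /goform/ate HTTP/1.1" 401 0',
    '192.168.0.31 - - [30/Mar/2026:20:11:30 +0000] "POST /goform/atexit HTTP/1.1" 200 10',
]
```

An "exposed" verdict means the administrator password should be treated as known to that host, regardless of how strong the password is.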


Technical Details

Data Version: 5.2
Assigner Short Name: TuranSec
Date Reserved: 2026-03-09T18:20:23.399Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69c12ef9f4197a8e3b4f4049

Added to database: 3/23/2026, 12:15:53 PM

Last enriched: 3/30/2026, 8:10:41 PM

Last updated: 5/7/2026, 4:19:41 AM
