Naxclow Platform CVE-2026-42947

EUVD: EUVD-2026-36531 · HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-12 · icscert · GHSA-hrr2-8g8j-2h2h
8.7 HIGH (CVSS 4.0 · Vendor: icscert)

Severity by source

Vendor (icscert), primary rating: 8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 8.8 HIGH

The cloud API is reachable over the internet (AV:N), exploitation needs only a low-privilege self-registered account (PR:L) and no victim interaction (UI:N), and full takeover of device data and control yields High confidentiality, integrity and availability impact.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS Vector (Vendor: icscert)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Vulnerable System Confidentiality / Integrity / Availability: High / High / High
Subsequent System Confidentiality / Integrity / Availability: None / None / None
Safety (supplemental metric S; CVSS 4.0 has no Scope metric, the 3.x Scope concept is replaced by the Subsequent System metrics): Not Defined (X)

Lifecycle Timeline

1. Analysis generated: Jun 12, 2026, 19:24 (vuln.today)

Description (CVE.org)

A flaw in the Naxclow platform's onboarding workflow allows an attacker to replay a confirm-then-bind sequence and silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can take over a device without user interaction while the device remains online and unaware.

Analysis (AI)

Device takeover in Naxclow's IoT platform (Smart Doorbell X3, X Smart Home, V720, and iX Cam) allows any authenticated attacker to silently reassign victim devices to their own account by replaying the onboarding confirm-then-bind sequence. The affected endpoints validate request signatures but never verify legitimate ownership, enabling remote hijacking without user interaction or device-side awareness. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

  • Access: register a free Naxclow account
  • Delivery: enumerate or harvest the target device ID
  • Exploit: forge a signed confirm-then-bind request
  • Execution: replay the sequence against the platform API
  • Persist: the platform reassigns the device to the attacker's account
  • Impact: the attacker gains live camera/doorbell access

Vulnerability Assessment (AI)

Exploitation: the attacker needs (1) a valid Naxclow platform account (PR:L; any self-registered account qualifies) and (2) the ability to issue the platform's confirm-then-bind API call against a target device identifier with a correctly signed request body. Legitimate ownership of that device is not required, because the endpoint validates only the request signature, not the account-to-device authorization. …

Risk Assessment: the CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N with VC:H/VI:H/VA:H (base 8.7) reflects a network-reachable, low-complexity bug usable by any account holder with no victim interaction, a realistic profile for cloud IoT abuse. …

Exploit Scenario: an attacker registers a free Naxclow account, captures or replays the confirm-then-bind API sequence for a target device ID (which may be enumerated or harvested), and submits a validly signed bind request that reassigns the doorbell or camera to their account. The victim's app silently loses the device while the camera continues streaming, now to the attacker, and the device itself shows no sign of a re-pairing event. …

Remediation: no vendor-released patch was identified at the time of analysis in the supplied intelligence; consult CISA ICSA-26-162-02 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02) for current vendor guidance and any fixed platform release. Until a fix is confirmed, treat a device that unexpectedly disappears from its owner's app as a possible takeover rather than a connectivity fault, since that is the only victim-visible symptom this flaw produces. …
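The confirm-then-bind flaw described in the Description, Attack Chain and Exploitation entries above, as an added example that is not Naxclow's code: a toy cloud back end with the vulnerable endpoint pair (request signature verified, device ownership never checked) beside a corrected pair that only lets an unowned device, or its current owner, be bound and that consumes a single-use confirmation token so a captured bind message cannot be replayed. The endpoint names, message fields, the per-account HMAC signing scheme, the device id and the account secrets are all assumptions constructed for the demo.

```python
"""Confirm-then-bind onboarding: signature-only checks (CWE-639) beside an ownership-checked fix.
Added illustration, not Naxclow's code; endpoint names, fields and signing scheme are assumed."""
import hashlib
import hmac
import secrets


def sign(secret: bytes, fields: dict) -> str:
    """HMAC-SHA256 over the canonicalised request fields (assumed signing scheme)."""
    canon = "&".join(f"{k}={fields[k]}" for k in sorted(fields))
    return hmac.new(secret, canon.encode(), hashlib.sha256).hexdigest()


def request(secret: bytes, **fields) -> dict:
    """Build a signed API message the way a client app would."""
    return {**fields, "sig": sign(secret, fields)}


class Platform:
    """Toy cloud back end carrying both the flawed and the corrected endpoints."""

    def __init__(self, accounts: dict):
        self.accounts = accounts   # account_id -> API secret (constructed test data)
        self.owner_of = {}         # device_id -> account_id currently bound
        self.pending = {}          # device_id -> (account_id, one-time token or None)

    def _verify(self, req: dict) -> bool:
        secret = self.accounts.get(req.get("account"))
        if secret is None:
            return False
        unsigned = {k: v for k, v in req.items() if k != "sig"}
        return hmac.compare_digest(sign(secret, unsigned), req.get("sig", ""))

    # ---- vulnerable endpoints: the signature is the only check (CWE-639) ----
    def confirm_vuln(self, req: dict) -> str:
        if not self._verify(req):
            return "bad-signature"
        # The device id is caller-controlled and nothing ties it to the caller.
        self.pending[req["device"]] = (req["account"], None)
        return "confirmed"

    def bind_vuln(self, req: dict) -> str:
        if not self._verify(req):
            return "bad-signature"
        if self.pending.get(req["device"]) != (req["account"], None):
            return "not-confirmed"
        self.owner_of[req["device"]] = req["account"]   # silently overwrites the real owner
        return "bound"                                   # pending entry is never cleared

    # ---- fixed endpoints: ownership check plus a single-use confirmation token ----
    def _may_bind(self, device: str, account: str) -> bool:
        owner = self.owner_of.get(device)
        return owner is None or owner == account   # unowned, or re-bind by the current owner

    def confirm_fixed(self, req: dict) -> str:
        if not self._verify(req):
            return "bad-signature"
        if not self._may_bind(req["device"], req["account"]):
            return "not-owner"
        token = secrets.token_hex(16)
        self.pending[req["device"]] = (req["account"], token)
        return token

    def bind_fixed(self, req: dict) -> str:
        if not self._verify(req):
            return "bad-signature"
        if self.pending.get(req["device"]) != (req["account"], req.get("token")):
            return "not-confirmed"
        del self.pending[req["device"]]   # single use: a replayed bind fails here
        if not self._may_bind(req["device"], req["account"]):
            return "not-owner"
        self.owner_of[req["device"]] = req["account"]
        return "bound"


def run_scenario(fixed: bool) -> dict:
    """Victim onboards a doorbell, the victim's bind message is replayed, then an
    attacker with a self-registered account runs the same sequence on that device id."""
    p = Platform({"victim": b"victim-secret", "attacker": b"attacker-secret"})
    dev = "doorbell-0001"   # constructed device id
    confirm = p.confirm_fixed if fixed else p.confirm_vuln
    bind = p.bind_fixed if fixed else p.bind_vuln

    def onboard(account: str, secret: bytes):
        tok = confirm(request(secret, account=account, device=dev))
        if tok in ("bad-signature", "not-owner"):
            return tok, None
        extra = {"token": tok} if fixed else {}
        req = request(secret, account=account, device=dev, **extra)
        return bind(req), req

    victim_result, victim_req = onboard("victim", b"victim-secret")
    replay_result = bind(victim_req)   # identical signed message sent a second time
    attacker_result, _ = onboard("attacker", b"attacker-secret")
    return {"victim": victim_result, "replay": replay_result,
            "attacker": attacker_result, "owner": p.owner_of.get(dev)}


if __name__ == "__main__":
    print("vulnerable:", run_scenario(fixed=False))
    print("fixed:     ", run_scenario(fixed=True))
```

Running it shows the vulnerable path accepting both the replayed victim message and the attacker's bind (the device ends up owned by the attacker), while the fixed path rejects the replay as not-confirmed and the attacker as not-owner. A real platform would additionally gate the "unowned" state on a device-side pairing proof (button press, QR scan) so a factory-reset device cannot be claimed by whoever first learns its id; that is general onboarding practice, not something this advisory states about Naxclow.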

Recommended Action (AI)

Within 24 hours: conduct an immediate inventory of all Naxclow devices in production; classify each by criticality and by its physical location and who can access it. …


CVE-2026-42947 vulnerability details – vuln.today
