Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Remote and unauthenticated at the platform layer (AV:N/PR:N), but AC:H because the attacker must first recover the platform request-signing scheme; scope changes to the victim device's traffic (S:C) with high confidentiality and partial integrity/availability via impersonation.
Primary rating from Vendor (icscert).
Lifecycle Timeline
Description (CVE.org)
The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register on the relay as that device, enabling interception and disruption of its communications.
Analysis (AI)
Unauthorized credential disclosure in the Naxclow IoT platform API (affecting Smart Doorbell X3, X Smart Home, V720, and Ix Cam) allows any actor who can produce a platform-valid request signature to retrieve the persistent relay-registration credentials of arbitrary devices. Reported via CISA ICS-CERT (ICSA-26-162-02), the flaw enables an attacker to impersonate a victim device on the relay and intercept or disrupt its traffic; no public exploit identified at time of analysis.
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires (1) the ability to produce a platform-valid request signature for Naxclow's API, meaning the attacker has reverse-engineered the official mobile app or firmware to recover the signing scheme/key, and (2) knowledge of the target device's identifier on the platform. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed but lean toward a real priority for affected device owners. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has reverse-engineered the Naxclow mobile app or firmware to obtain its request-signing material crafts a platform-valid API call to the relay-registration endpoint, supplying the victim's device identifier (often guessable, enumerable, or harvestable from app metadata). The platform returns the device's persistent relay credentials; the attacker connects to the relay impersonating the victim's doorbell or camera, at which point they can intercept the live feed, suppress alerts, or feed spoofed content to the owner's app. |
| Remediation | No vendor-released patch identified at time of analysis in the supplied data; the CISA ICS-CERT advisory ICSA-26-162-02 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02) is the authoritative tracking source and should be checked for the current vendor response. … Detailed patch versions, workarounds, and compensating controls in full report. |
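The missing check described above, as an added illustration that is not Naxclow's code (the handler names, signing scheme, key and device table are all hypothetical): a relay-details endpoint that treats any platform-signed request as authorization, beside a version that also requires the authenticated caller to be the device's registered owner, which is the CWE-862 fix.

```python
import hashlib
import hmac
import json

# Constructed sample data; the key, device table and handler names are
# hypothetical and are not taken from Naxclow's real platform.
PLATFORM_KEY = b"platform-wide-signing-key"   # one key shared by every app/firmware copy
DEVICES = {
    "dev-1001": {"owner": "alice", "relay_cred": "RELAY-CRED-1001"},
    "dev-1002": {"owner": "bob",   "relay_cred": "RELAY-CRED-1002"},
}

def sign_request(body: dict) -> str:
    """Platform request signature: HMAC-SHA256 over the canonical JSON body."""
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(PLATFORM_KEY, msg, hashlib.sha256).hexdigest()

def platform_signature_ok(body: dict, sig: str) -> bool:
    return hmac.compare_digest(sign_request(body), sig)

def relay_details_vulnerable(body: dict, sig: str):
    """CWE-862 pattern: a valid platform signature is treated as authorization.
    Anyone holding the shared key can request any device's relay credential."""
    if not platform_signature_ok(body, sig):
        return None
    dev = DEVICES.get(body.get("device_id"))
    return dev["relay_cred"] if dev else None

def relay_details_fixed(body: dict, sig: str, caller: str):
    """Hardened: the signature still gates the platform, but the credential is
    released only when the caller identity (assumed to come from a per-account
    session established separately) is the device's registered owner."""
    if not platform_signature_ok(body, sig):
        return None
    dev = DEVICES.get(body.get("device_id"))
    if dev is None or dev["owner"] != caller:
        return None   # deny; this mismatch is the event worth logging and alerting on
    return dev["relay_cred"]

# A caller who recovered the shared key signs a request for someone else's device.
foreign_req = {"device_id": "dev-1001", "action": "relay_details"}
foreign_sig = sign_request(foreign_req)
```

The vulnerable handler hands out `dev-1001`'s credential to any holder of the platform key, while the fixed handler returns it only to `alice`; the denied requests are exactly the "unauthorized credential retrieval requests" the recommended action says to look for in API access logs.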
Recommended Action (AI)
24 hours: Inventory all Naxclow Smart Doorbell X3, X Smart Home, V720, and Ix Cam devices in production; review API access logs for unauthorized credential retrieval requests; identify business-critical deployments. …
Weakness: CWE-862 – Missing Authorization
Technique: Authentication Bypass
EUVD-2026-36529
GHSA-6rwx-723r-8rw3