Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible unauthenticated endpoint requiring no privileges; sole impact is low confidentiality disclosure of fleet counter values with no integrity or availability effect.
Primary rating from Vendor (icscert).
Description (CVE.org)
The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water counter value for the batch, allowing callers to measure and enumerate the active device space. The endpoint’s behavior enables precise fleet enumeration.
Analysis (AI)
Fleet enumeration in the Naxclow smart home platform (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows unauthenticated remote callers to precisely map active device populations by exploiting a registration endpoint that allocates sequential device identifiers without validating caller ownership of the supplied account identifier. Each API call returns a high-water batch counter that directly reveals fleet size, making reconnaissance deterministic and low-noise rather than a side-channel inference. …
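To make the missing-authorization pattern described above concrete, here is an added illustration (not Naxclow's code; endpoint, key names and identifier format are constructed assumptions): a registry that accepts any request signed with an app-wide secret, hands out sequential ids and echoes the batch counter, beside a hardened variant that binds the account to a per-account key and issues opaque ids with no counter.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for this illustration; not Naxclow's real keys or formats.
APP_SHARED_SECRET = b"constructed-app-wide-secret"        # one secret baked into every client build
ACCOUNT_KEYS = {"acct-A": b"constructed-key-for-acct-A"}  # per-account keys issued at login


def sign(key: bytes, batch: str, account: str) -> str:
    """HMAC over the request fields; stands in for whatever the real scheme uses."""
    return hmac.new(key, f"{batch}|{account}".encode(), hashlib.sha256).hexdigest()


class VulnerableRegistry:
    """Models the weakness described above: a request signed with the app-wide
    secret is accepted for any account, device ids are sequential per batch,
    and the batch high-water counter is echoed back to the caller."""

    def __init__(self):
        self.counters = {}  # batch prefix -> high-water counter

    def register(self, batch: str, account: str, sig: str) -> dict:
        if not hmac.compare_digest(sig, sign(APP_SHARED_SECRET, batch, account)):
            raise PermissionError("bad signature")
        # Missing authorization: nothing ties the caller to `account`.
        self.counters[batch] = self.counters.get(batch, 0) + 1
        n = self.counters[batch]
        return {"device_id": f"{batch}{n:06d}", "counter": n}


class HardenedRegistry:
    """Binds the account to a key only its authenticated owner holds, issues
    unpredictable device ids, and returns no fleet-wide counter."""

    def __init__(self):
        self.devices = {}  # device id -> owning account

    def register(self, batch: str, account: str, sig: str) -> dict:
        key = ACCOUNT_KEYS.get(account)
        if key is None or not hmac.compare_digest(sig, sign(key, batch, account)):
            raise PermissionError("caller does not own account")
        device_id = f"{batch}-{secrets.token_hex(8)}"
        self.devices[device_id] = account
        return {"device_id": device_id}
```

In the hardened variant a signature made with the shared client secret is rejected for every account, and two successive responses carry nothing from which a fleet size could be derived.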
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | The attacker must reach the Naxclow cloud registration endpoint over a standard network connection and must be able to construct a structurally valid signed request containing both a batch prefix field and an arbitrary account identifier field. … |
| Risk Assessment | The CVSS 4.0 base score of 6.9 (Medium) is consistent with the attack profile: network-accessible, zero-privilege, low-complexity, with limited confidentiality impact and no integrity or availability consequences (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N). … |
| Exploit Scenario | An unauthenticated external attacker extracts the request signing material from the Naxclow mobile application or firmware and crafts a series of valid signed API requests to the cloud registration endpoint, supplying an arbitrary account identifier and iterating across batch prefixes. Each call returns a new sequential device ID and the current batch high-water counter, allowing the attacker to calculate registered device counts per batch with arithmetic precision. … |
| Remediation | No specific patched firmware version was confirmed in the available intelligence data; the CISA ICS advisory ICSA-26-162-02 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02 and its companion CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-02.json are the authoritative sources for vendor-supplied fixes and should be monitored for patch availability. … |
Weakness: CWE-862 – Missing Authorization
Technique: Authentication Bypass
Related identifiers: EUVD-2026-36533, GHSA-xw3c-vh4p-m7j2