
Naxclow Platform · EUVD-2026-36533

CVE-2026-50244 · MEDIUM
Missing Authorization (CWE-862)
2026-06-12 icscert GHSA-xw3c-vh4p-m7j2
6.9 (CVSS 4.0) · Vendor: icscert

Severity by source

Vendor (icscert), primary: 6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI: 5.3 MEDIUM

Network-accessible unauthenticated endpoint requiring no privileges; sole impact is low confidentiality disclosure of fleet counter values with no integrity or availability effect.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (icscert).

CVSS Vector (Vendor: icscert)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

1. Analysis Generated: Jun 12, 2026 - 19:28 (vuln.today)

Description (CVE.org)

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water counter value for the batch, allowing callers to measure and enumerate the active device space. The endpoint’s behavior enables precise fleet enumeration.

Analysis (AI)

Fleet enumeration in the Naxclow smart home platform (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows unauthenticated remote callers to precisely map active device populations by exploiting a registration endpoint that allocates sequential device identifiers without validating caller ownership of the supplied account identifier. Each API call returns a high-water batch counter that directly reveals fleet size, making reconnaissance deterministic and low-noise rather than a side-channel inference. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Extract signing material from mobile app or firmware
Delivery: Craft signed registration request with target batch prefix and arbitrary account ID
Exploit: Submit unauthenticated request to cloud registration endpoint
Execution: Parse returned sequential device ID and batch high-water counter
Persist: Iterate across all batch prefixes
Impact: Reconstruct full fleet enumeration map

Vulnerability Assessment (AI)

Exploitation: The attacker must reach the Naxclow cloud registration endpoint over a standard network connection and must be able to construct a structurally valid signed request containing both a batch prefix field and an arbitrary account identifier field. …

Risk Assessment: The CVSS 4.0 base score of 6.9 (Medium) is consistent with the attack profile: network-accessible, zero-privilege, low-complexity, with limited confidentiality impact and no integrity or availability consequences (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N). …

Exploit Scenario: An unauthenticated external attacker extracts the request signing material from the Naxclow mobile application or firmware and crafts a series of valid signed API requests to the cloud registration endpoint, supplying an arbitrary account identifier and iterating across batch prefixes. Each call returns a new sequential device ID and the current batch high-water counter, allowing the attacker to calculate registered device counts per batch with arithmetic precision. …

Remediation: No specific patched firmware version was confirmed in the available intelligence data; the CISA ICS advisory ICSA-26-162-02 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02 and its companion CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-02.json are the authoritative sources for vendor-supplied fixes and should be monitored for patch availability. …



EUVD-2026-36533 vulnerability details – vuln.today
