Severity by source
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Physical vector required for UART access; no privileges needed for unauthenticated console; confidentiality-only impact from credential and key disclosure with no integrity or availability effect.
Primary rating from Vendor (icscert).
CVSS VectorVendor: icscert
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks.
AnalysisAI
WiFi credential exposure in Naxclow IoT device firmware (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows any attacker with brief physical access to recover host network SSID, PSK, and negotiated WPA keys printed in cleartext to a labeled, production-accessible UART debug console. The UART interface drops to an unauthenticated interactive RT-Thread shell, enabling arbitrary memory reads and full firmware extraction - escalating a credential-theft opportunity into a platform for deeper firmware-level compromise. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Physical access to the device PCB is required to connect to the UART debug pads. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.1 reflects the physical access requirement (AV:P), which is the primary risk limiter and prevents remote or automated mass exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker targets an outdoor-mounted Naxclow Smart Doorbell X3 during a brief unobserved window - for example, during a delivery, maintenance visit, or after-hours approach. Using a USB-to-serial adapter connected to the labeled UART pads (no disassembly required if pads are edge-accessible), the attacker power-cycles the device to trigger a WiFi association event and captures the SSID, PSK, and WPA session keys printed in cleartext to the console. … |
| Remediation | No vendor-released patch version has been identified from the available data; the CPE wildcard entries suggest no patched firmware release has been scoped at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Smart Doorbell X3
View allPersistent credential exposure in Naxclow smart cameras and doorbells (Smart Doorbell X3, X Smart Home, V720, ix Cam) al
Cryptographic authentication bypass in Naxclow smart home devices (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows
Device takeover in Naxclow's IoT platform (Smart Doorbell X3, X Smart Home, V720, and iX Cam) allows any authenticated a
Unauthorized credential disclosure in the Naxclow IoT platform API (affecting Smart Doorbell X3, X Smart Home, V720, and
Fleet enumeration in the Naxclow smart home platform (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows unauthentica
Device identifier enumeration across Naxclow's IoT product line - including the Smart Doorbell X3, X Smart Home platform
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36538
GHSA-ccf8-539p-4gc2