Smart Doorbell X3

7 CVEs product

CVE-2026-50099 MEDIUM CISA This Month

WiFi credential exposure in Naxclow IoT device firmware (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows any attacker with brief physical access to recover host network SSID, PSK, and negotiated WPA keys printed in cleartext to a labeled, production-accessible UART debug console. The UART interface drops to an unauthenticated interactive RT-Thread shell, enabling arbitrary memory reads and full firmware extraction - escalating a credential-theft opportunity into a platform for deeper firmware-level compromise. Reported via CISA ICS-CERT advisory ICSA-26-162-02; no public exploit code identified, though the attack requires only commodity serial hardware and minimal technical knowledge.

Tags: Information Disclosure, Smart Doorbell X3, X Smart Home, V720, Ix Cam
Sources: NVD, GitHub, VulDB
CVSS 4.0: 5.1 | EPSS: 0.0%

CVE-2026-50244 MEDIUM CISA This Month

Fleet enumeration in the Naxclow smart home platform (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows unauthenticated remote callers to precisely map active device populations by exploiting a registration endpoint that allocates sequential device identifiers without validating caller ownership of the supplied account identifier. Each API call returns a high-water batch counter that directly reveals fleet size, making reconnaissance deterministic and low-noise rather than a side-channel inference. No public exploit code has been identified at time of analysis, but the zero-privilege, network-accessible attack surface and ICS-CERT reporting context (ICSA-26-162-02) indicate meaningful real-world exposure for residential and small-business physical security deployments.

Tags: Authentication Bypass, Smart Doorbell X3, X Smart Home, V720, Ix Cam
Sources: NVD, GitHub, VulDB
CVSS 4.0: 6.9 | EPSS: 0.0%

CVE-2026-42932 MEDIUM CISA This Month

Device identifier enumeration across Naxclow's IoT product line - including the Smart Doorbell X3, X Smart Home platform, V720, and Ix Cam - allows unauthenticated remote attackers to build a complete inventory of active devices deployed in the field. The identifier scheme combines fixed manufacturing prefixes with sequential counters (CWE-340), and the platform compounds this by exposing an endpoint that reveals the current identifier high-water mark, effectively handing attackers a starting point for a full sweep. Reported by ICS-CERT under ICSA-26-162-02, this is a platform-wide architectural flaw; no public exploit or KEV listing is confirmed at time of analysis, but the low complexity and zero-authentication barrier make opportunistic enumeration trivially achievable.

Tags: Information Disclosure, Smart Doorbell X3, X Smart Home, V720, Ix Cam
Sources: NVD, GitHub, VulDB
CVSS 4.0: 6.9 | EPSS: 0.0%

CVE-2026-42947 HIGH CISA Act Now

Device takeover in Naxclow's IoT platform (Smart Doorbell X3, X Smart Home, V720, and Ix Cam) allows any authenticated attacker to silently reassign victim devices to their own account by replaying the onboarding confirm-then-bind sequence. The affected endpoints validate request signatures but never verify legitimate ownership, enabling remote hijacking without user interaction or device-side awareness. No public exploit identified at time of analysis, but the issue is reported via CISA ICS-CERT advisory ICSA-26-162-02.

Tags: Authentication Bypass, Smart Doorbell X3, X Smart Home, V720, Ix Cam
Sources: NVD, GitHub, VulDB
CVSS 4.0: 8.7 | EPSS: 0.0%

CVE-2026-50108 HIGH CISA Act Now

Unauthorized credential disclosure in the Naxclow IoT platform API (affecting Smart Doorbell X3, X Smart Home, V720, and Ix Cam) allows any actor who can produce a platform-valid request signature to retrieve the persistent relay-registration credentials of arbitrary devices. Reported via CISA ICS-CERT (ICSA-26-162-02), the flaw enables an attacker to impersonate a victim device on the relay and intercept or disrupt its traffic; no public exploit identified at time of analysis.

Tags: Authentication Bypass, Smart Doorbell X3, X Smart Home, V720, Ix Cam
Sources: NVD, GitHub, VulDB
CVSS 4.0: 8.7 | EPSS: 0.0%

CVE-2026-50101 CRITICAL CISA Emergency

Persistent credential exposure in Naxclow smart cameras and doorbells (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows anyone who obtains a device's server-side relay credential to maintain indefinite access to that device's relay channel. Because the credential is re-issued unchanged on every boot and cannot be rotated, reset, or revoked by the owner, even factory resets and re-onboarding do not evict an attacker. No public exploit identified at time of analysis, and EPSS/KEV signals were not available.

Tags: Information Disclosure, Smart Doorbell X3, X Smart Home, V720, Ix Cam
Sources: NVD, GitHub, VulDB
CVSS 4.0: 9.2 | EPSS: 0.0%

CVE-2026-28742 CRITICAL CISA Emergency

Cryptographic authentication bypass in Naxclow smart home devices (Smart Doorbell X3, X Smart Home, V720, Ix Cam) allows remote attackers to forge arbitrary device and account API requests after extracting a single hard-coded salt shared across the entire product line. Because the same salt is embedded in every firmware image and no per-device keys, nonces, or replay protections exist, recovery from one unit compromises the whole fleet, and plain-HTTP control traffic makes interception trivial. No public exploit identified at time of analysis, and the issue was disclosed via CISA ICS-CERT advisory ICSA-26-162-02.

Tags: RCE, Smart Doorbell X3, X Smart Home, V720, Ix Cam
Sources: NVD, GitHub, VulDB
CVSS 4.0: 9.2 | EPSS: 0.0%