Lucene search
K

9 matches found

NVD
NVD
added 2026/06/12 7:16 p.m.17 views

CVE-2026-50108

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register o...

8.7CVSS0.00306EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.18 views

CVE-2026-50244

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:17 p.m.30 views

CVE-2026-42932 Naxclow IoT Platform Generation of Predictable Numbers or Identifiers

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:13 p.m.7 views

EUVD-2026-36531

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:13 p.m.9 views

CVE-2026-42947 Naxclow IoT Platform Authorization bypass through User-Controlled key

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS5.5AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:10 p.m.8 views

EUVD-2026-36529

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register o...

8.7CVSS5.5AI score0.00306EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:10 p.m.29 views

CVE-2026-50108 Naxclow IoT Platform Missing Authorization

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register o...

8.7CVSS0.00306EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:10 p.m.16 views

CVE-2026-50108

The CVE-2026-50108 entry concerns the Naxclow IoT Platform API where device relay registration details are returned with a persistent credential without verifying the requester’s identity. An actor who can present a platform-valid request signature can retrieve credentials for arbitrary devices a...

8.7CVSS5.5AI score0.00306EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.11 views

PT-2026-48958

Name of the Vulnerable Software and Affected Versions Naxclow affected versions not specified Description The platform API that returns device relay registration details fails to verify if the requester is the legitimate device or owner, exposing a persistent credential. An actor capable of...

8.7CVSS5.4AI score0.00306EPSS
Exploits0References4
Rows per page
Query Builder