Lucene search
K

4 matches found

NVD
NVD
added 2026/06/12 7:16 p.m.13 views

CVE-2026-42947

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS0.00312EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:13 p.m.9 views

CVE-2026-42947 Naxclow IoT Platform Authorization bypass through User-Controlled key

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS5.5AI score0.00312EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:13 p.m.8 views

EUVD-2026-36531

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:13 p.m.20 views

CVE-2026-42947

CVE-2026-42947 affects Naxclow IoT Platform. A flaw in the onboarding workflow lets an attacker replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account, because endpoints validate request signatures but do not verify legitimate ownership. Practical consequence: a...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References2
Rows per page
Query Builder