Lucene search
K

9 matches found

NVD
NVD
added 2026/06/12 7:16 p.m.16 views

CVE-2026-50244

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS0.00221EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.10 views

CVE-2026-42932

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:21 p.m.30 views

CVE-2026-50244 Naxclow IoT Platform Missing Authorization

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:21 p.m.8 views

EUVD-2026-36533

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS5.3AI score0.00221EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:21 p.m.19 views

CVE-2026-50244

CVE-2026-50244 affects the Naxclow IoT Platform. The registration endpoint accepts signed requests with a batch prefix and a caller-supplied account identifier without ownership validation, allowing an attacker to mint new sequential device identifiers and read the batch’s current high-water coun...

6.9CVSS5.3AI score0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:17 p.m.8 views

CVE-2026-42932 Naxclow IoT Platform Generation of Predictable Numbers or Identifiers

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS5.2AI score0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:17 p.m.9 views

EUVD-2026-36532

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS5.2AI score0.00233EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48959

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS5.3AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48952

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS5.2AI score0.00233EPSS
Exploits0References3
Rows per page
Query Builder