CVE-2026-42932

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated.

Vulnerability Details

Published Date

June 12, 2026

Last Modified

June 12, 2026

CWE ID

CWE-340

Source

NVD

Vendor

Naxclow

Product

Smart Doorbell X3, X Smart Home, V720, ix cam

External References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02

CVE-2026-42932

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment