Description
During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks.
Published: 2026-06-12
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During Wi‑Fi association, the device firmware writes the host network’s SSID, PSK, and negotiated WPA keys to an exposed UART console that drops into an interactive shell permitting arbitrary memory reads. This is a CWE‑538 weakness (Insertion of Sensitive Information into Externally-Accessible File or Directory). An attacker with brief physical access, such as a passer‑by of an exterior‑mounted doorbell, can intercept those clear‑text credentials and read the entire firmware image, giving them full control of the device. The result is disclosure of confidential network information and the ability to launch firmware‑based attacks.
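As an added defender-side check that is not part of this advisory or of any Naxclow code: a small scanner that a firmware QA or incident-response team can run over a captured UART boot log to flag the kind of leakage described above (SSID, PSK, derived WPA key material, and an interactive shell prompt). The sample log, the field names and the RT-Thread `msh />` prompt format are constructed assumptions for illustration.

```python
import re

# Constructed sample UART capture in the shape the advisory describes; none of
# these lines come from real Naxclow firmware.
SAMPLE_UART_LOG = """\
[I/wlan] scanning channels 1-13
[I/wlan] connecting to ssid=HomeNet-2G
[I/wlan] psk=correct horse battery staple
[D/wlan] pmk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
[D/wlan] ptk=0123456789abcdef0123456789abcdef
[I/wlan] associated, ip=192.168.4.23
msh />"""

# Field names are assumptions, not the vendor's actual log format.
# Keys: network identifier, passphrase, derived WPA key material (hex), and the
# RT-Thread finsh/msh prompt, which signals that an interactive shell is reachable.
SECRET_PATTERNS = [
    ("ssid", re.compile(r"\bssid\s*[=:]\s*(\S+)", re.I)),
    ("psk", re.compile(r"\b(?:psk|passphrase|password)\s*[=:]\s*(.+)$", re.I)),
    ("wpa_key", re.compile(r"\b(?:pmk|ptk|gtk|kck|kek|tk)\s*[=:]\s*([0-9a-f]{32,64})\b", re.I)),
    ("shell_prompt", re.compile(r"^msh\s*/?>")),
]


def mask(value):
    """Keep only the first two characters and the length, so the scanner's own
    report can be matched to a source line without reproducing the secret."""
    if not value:
        return ""
    return f"{value[:2]}...({len(value)} chars)"


def scan_uart_log(text):
    """Return (line_number, finding_type, masked_value) for each line that leaks
    credential material or shows an interactive shell prompt."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS:
            m = pattern.search(line)
            if m:
                value = m.group(1) if m.groups() else ""
                findings.append((lineno, kind, mask(value)))
    return findings


if __name__ == "__main__":
    for lineno, kind, value in scan_uart_log(SAMPLE_UART_LOG):
        print(f"line {lineno}: {kind} {value}")
```

A clean production console should yield no findings at all; any `psk` or `wpa_key` hit is a release blocker, and a `shell_prompt` hit means the console must be disabled or locked before shipping.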

Affected Systems

The affected devices are Naxclow Smart Doorbell X3, Naxclow V720, Naxclow X Smart Home, and Naxclow ix cam. No specific firmware versions are listed, so all current production hardware with the exposed UART console is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity; the EPSS score is currently unavailable, and the vulnerability has not yet been listed in CISA’s KEV catalog. An attacker requires limited physical access to the UART console, which is plausible for outdoor‑mounted IoT devices. Because a shell is exposed, a successful exploitation path can yield arbitrary memory reads and full firmware extraction. In the absence of an official patch, the risk remains moderate, but the flaw is a plausible target for attackers seeking network credentials or device control.

Generated by OpenCVE AI on June 12, 2026 at 19:50 UTC.

Remediation

Vendor Workaround

Naxclow did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Naxclow for more information.


OpenCVE Recommended Actions

  • Install the latest firmware from Naxclow that removes or locks the UART console when present.
  • If a newer firmware is not yet available, disable the UART console physically by severing the pads or by covering the UART connectors.
  • Secure the device to prevent unauthorized physical access; consider mounting in a locked enclosure.
  • Change Wi‑Fi passwords promptly if the credentials might have been exposed.
  • Contact Naxclow for further information or a formal remediation plan.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

  • First Time appeared (values added): Naxclow; Naxclow ix Cam; Naxclow smart Doorbell X3; Naxclow v720; Naxclow x Smart Home
  • Vendors & Products (values added): Naxclow; Naxclow ix Cam; Naxclow smart Doorbell X3; Naxclow v720; Naxclow x Smart Home

Fri, 12 Jun 2026 19:30:00 +0000

  • Metrics (values added): ssvc

    {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 18:45:00 +0000

  • Description (values added): During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks.
  • Title (values added): Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory
  • Weaknesses (values added): CWE-538
  • References (values added): none recorded
  • Metrics (values added): cvssV3_1

    {'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

    cvssV4_0

    {'score': 5.1, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-12T18:58:23.718Z

Reserved: 2026-06-08T20:04:55.558Z

Link: CVE-2026-50099

Vulnrichment

Updated: 2026-06-12T18:58:20.322Z

NVD

Status: Received

Published: 2026-06-12T19:16:29.330

Modified: 2026-06-12T19:16:29.330

Link: CVE-2026-50099

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T20:19:16Z

Weaknesses
  • CWE-538

    Insertion of Sensitive Information into Externally-Accessible File or Directory