CVE-2026-42932
published 2026-06-12CVE-2026-42932: Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space…
PriorityP426medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.23%
14.1th percentile
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| naxclow | ix_cam | — | — |
| naxclow | smart_doorbell_x3 | — | — |
| naxclow | v720 | — | — |
| naxclow | x_smart_home | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Naxclow Smart Doorbell X3/X Smart Home/V720/ix cam Device Identifier generation of predictable numbers or identifiers (icsa-26-162-02 / EUVD-2026-36532)
vuldb·2026-06-12·CVSS 5.3
CVE-2026-42932 [MEDIUM] Naxclow Smart Doorbell X3/X Smart Home/V720/ix cam Device Identifier generation of predictable numbers or identifiers (icsa-26-162-02 / EUVD-2026-36532)
A vulnerability described as problematic has been identified in Naxclow Smart Doorbell X3, X Smart Home, V720 and ix cam. This issue affects some unknown processing of the component Device Identifier Handler. The manipulation results in generation of predictable numbers or identifiers.
This vulnerability is cataloged as CVE-2026-42932. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.
GHSA
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space.
ghsa_unreviewed·2026-06-12
CVE-2026-42932 [MEDIUM] CWE-340 Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space.
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-12
Published