CVE-2026-50108: Naxclow IoT Platform Missing Authorization

CVSS 7.5 · High · EPSS 0.42% · P34

Affected Version Matrix (4)

| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Naxclow | ix cam | All | affected |
| Naxclow | Smart Doorbell X3 | All | affected |
| Naxclow | V720 | All | affected |
| Naxclow | X Smart Home | All | affected |

I. Basic Information for CVE-2026-50108

Vulnerability Information

Vulnerability Title
Naxclow IoT Platform Missing Authorization
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register on the relay as that device, enabling interception and disruption of its communications.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Missing Authorization
Source: NVD (National Vulnerability Database)
Vulnerability Title
Naxclow Smart Doorbell X3 Authorization Issue Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
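Naxclow Smart Doorbell X3 is a smart home video doorbell from Naxclow. Naxclow Smart Doorbell X3 has an authorization issue vulnerability. It stems from the platform API not verifying, when returning device relay registration details, whether the requester is the legitimate device or owner, which exposes a persistent credential. An attacker able to present a platform-valid request signature can retrieve the credentials of arbitrary devices and register on the relay as that device, thereby intercepting and disrupting its communications.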
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Naxclow | Smart Doorbell X3 | All | - |
| Naxclow | X Smart Home | All | - |
| Naxclow | V720 | All | - |
| Naxclow | ix cam | All | - |

II. Public POCs for CVE-2026-50108

No public POC found.

III. Intelligence Information for CVE-2026-50108

Vendor Advisories for CVE-2026-50108 (1)

Same Patch Batch · Naxclow · 2026-06-12 · 7 CVEs total

| CVE | CVSS | Severity | Title |
|---|---|---|---|
| CVE-2026-28742 | 9.8 | CRITICAL | Naxclow IoT Platform Use of hard-coded cryptographic key |
| CVE-2026-42947 | 8.8 | HIGH | Naxclow IoT Platform Authorization bypass through User-Controlled key |
| CVE-2026-50101 | 8.1 | HIGH | Naxclow IoT Platform Not using password aging |
| CVE-2026-42932 | 5.3 | MEDIUM | Naxclow IoT Platform Generation of Predictable Numbers or Identifiers |
| CVE-2026-50244 | 5.3 | MEDIUM | Naxclow IoT Platform Missing Authorization |
| CVE-2026-50099 | 4.6 | MEDIUM | Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or |

IV. Related Vulnerabilities
