CVE-2026-42932
5.3 MEDIUMNaxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerab...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-340
Description
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-45673 — Netty is a network application framework for development of protocol servers and clients (6.8 MEDIUM)
- CVE-2026-8503 — Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids (6.5 MEDIUM)
- CVE-2026-5081 — Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure (9.1 CRITICAL)