CVE Catalog

CVE-2026-42932

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Additionally, the platform exposes an endpoint that reveals the current identifier high-water mark, allowing for enumeration of the active fleet.

Risk Assessment

The organization may be at risk of exposing information about active devices, which could lead to unauthorized access or attacks on those devices.

Recommendation

It is recommended to implement security mechanisms that prevent access to endpoints revealing identifiers and to consider changing the identifier generation method to increase randomness.

Original NVD description (English source)

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS