CVE-2026-50101
Received
Received - Intake
Naxclow Devices Persistent Relay Credential Exposure
Publication date: 2026-06-12
Last updated on: 2026-06-12
Assigner: ICS-CERT
Description
Description
Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintain persistent access to the deviceβs relay channel. This enables long-term impersonation or interception, even after factory resets or re-onboarding.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-262 | The product does not have a mechanism in place for managing password aging. |
