CVE-2026-50099

Summary

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks.

Affected Software

VendorProductVersion RangeStatus
NaxclowSmart Doorbell X3Allaffected
NaxclowX Smart HomeAllaffected
NaxclowV720Allaffected
Naxclowix camAllaffected

Weaknesses

  • CWE-538: CWE-538 Insertion of sensitive information into Externally-Accessible file or directory

Workarounds

Naxclow did not respond to CISA's attempts to coordinate these vulnerabilities. Users should contact Naxclow for more information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References