CVE-2026-42932
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Additionally, the platform exposes an endpoint that reveals the current identifier high-water mark, allowing for enumeration of the active fleet.
Risk Assessment
The organization may be at risk of exposing information about active devices, which could lead to unauthorized access or attacks on those devices.
Recommendation
It is recommended to implement security mechanisms that prevent access to endpoints revealing identifiers and to consider changing the identifier generation method to increase randomness.
Original NVD description (English source)
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated.

