Naxclow IoT Platform
Summary
The Naxclow IoT Platform is affected by multiple critical vulnerabilities, including authorization bypass, missing authorization, and use of hard-coded cryptographic keys. Successful exploitation could allow attackers to impersonate devices, intercept communications, or gain unauthorized access to sensitive credentials. Naxclow has not responded to CISA's attempts to coordinate these vulnerabilities, leaving users with limited remediation options.
IFF Assessment
These vulnerabilities allow attackers to easily compromise IoT devices, leading to potential data theft and unauthorized access, which is detrimental to defenders.
Severity
The CVSS score of 9.8 indicates a critical vulnerability. Factors contributing to this score include the potential for unauthorized access, device impersonation, and data harvesting, all with a low attack complexity and no user interaction required.
Defender Context
This alert highlights significant risks associated with the Naxclow IoT Platform, particularly its impact on commercial facilities and global deployment. Defenders should be aware of these vulnerabilities and the lack of vendor response, urging them to implement network segmentation and consider device replacement if possible. The broad impact and lack of remediation from the vendor make this a high-priority concern.