CISA Discloses Critical Vulnerabilities in Naxclow IoT Platform (CVSS 9.8)
Summary
CISA has disclosed multiple critical vulnerabilities in the Naxclow IoT Platform, including authorization bypass, missing authentication, hard-coded cryptographic keys, predictable identifiers, and sensitive information exposure. Successful exploitation could allow attackers to impersonate devices, intercept communications, harvest credentials at scale, or gain unauthorized access. The vulnerabilities carry a CVSS score of 9.8 (critical).
Source

Key quotes
· 2 pulledSuccessful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or gain unauthorized access.
Authorization Bypass Through User-Controlled Key, Missing Authorization, Not Using Password Aging, Use of Hard-coded Cryptographic Key, Generation of Predictable Numbers or Identifiers, Insertion of Sensitive Information
You might also wanna read
Critical Security Vulnerability CVE-2025-66478 in React Server Components Protocol
A critical security vulnerability (CVE-2025-66478) has been discovered in the React Server Components (RSC) protocol with a CVSS score of 10

WAF - WAF Release - 2025-08-18
Critical Redis Vulnerability (CVE-2025-49844) Allows Remote Code Execution with Maximum CVSS Score
Wiz Research has discovered a critical remote code execution vulnerability (CVE-2025-49844, nicknamed #RediShell) in Redis, the widely used
Critical GitHub Copilot Vulnerability Allowed Source Code and Secret Exfiltration
A critical vulnerability (CVSS 9.6) was discovered in GitHub Copilot Chat in June 2025 that allowed attackers to silently exfiltrate secrets
Critical Redis Security Vulnerability CVE-2025-49844 Allows Remote Code Execution
Redis has identified and fixed a critical security vulnerability (CVE-2025-49844) that allows authenticated users to execute remote code thr

Comments
Sign in to join the conversation.
No comments yet. Be the first.