CRITICAL
Naxclow
CVE published 2026-06-12
CVE-2026-28742
CVE-2026-28742 is a critical vulnerability in Naxclow devices that enables an attacker to generate valid signatures for arbitrary device or account operations. This is due to the use of a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image, combined with the system's use of plain HTTP for control-plane traffic.