Home

Description

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks.

PUBLISHED Reserved 2026-06-08 | Published 2026-06-12 | Updated 2026-06-12 | Assigner icscert




MEDIUM: 5.1CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 4.6CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-538 Insertion of sensitive information into Externally-Accessible file or directory

Product status

Default status
unaffected

All
affected

Default status
unaffected

All
affected

Default status
unaffected

All
affected

Default status
unaffected

All
affected

Credits

Temuri Takalandze reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-162-02

github.com/...p/csaf_files/OT/white/2026/icsa-26-162-02.json

cve.org (CVE-2026-50099)

nvd.nist.gov (CVE-2026-50099)

Download JSON