Naxclow IoT Platform: Critical Authorization and Credential Management Vulnerabilities
CISA has disclosed multiple critical vulnerabilities in Naxclow’s IoT platform affecting smart doorbells, home systems, and cameras across all versions. These flaws allow attackers to hijack devices, extract persistent credentials, intercept communications, and maintain unauthorized access even after device resets. The vendor has not responded to CISA’s coordination attempts.
Why it matters in Western Canada: Organizations in Western Canada that deploy Naxclow IoT devices for facility management, access control, or security monitoring—particularly universities, municipal buildings, and healthcare facilities—face risks of device takeover and credential compromise affecting building operations and physical security.
CVEs: CVE-2026-42947, CVE-2026-50108, CVE-2026-50101
Summary generated from the original advisory. Read the full source: cisa-advisories
- Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02
- CVEs: CVE-2026-42947, CVE-2026-50108, CVE-2026-50101
- Tags: iot-devices, authorization-bypass, credential-exposure, naxclow, physical-security
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)