CISA has revealed seven serious vulnerabilities in Naxclow IoT products, including popular smart doorbells and cameras, which allow attackers to hijack devices and access sensitive information. The most critical issue, CVE-2026-28742, is linked to a hard-coded key that enables request forgery across all accounts and devices. Other vulnerabilities facilitate device takeover, persistent spying, and unauthorized access to network credentials.
Users are advised to isolate affected devices and block their internet access as there are no available patches. Overall, these flaws highlight significant design weaknesses in the Naxclow platform.