Critical IoT Platform Flaws Enable Device Takeover
🔒 CISA published an advisory on multiple critical vulnerabilities in the Naxclow IoT Platform that allow device impersonation, credential exposure, and fleet enumeration. A replayable onboarding flow and inadequate authorization let attackers reassign devices, while persistent, non-rotating relay credentials enable long-term access. Additional weaknesses include a hard-coded platform salt for request signing, predictable device identifiers, and cleartext Wi‑Fi secrets exposed via UART.
