COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

03:02:15 PM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// intelligence feed

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources
Events
Certificates
Arsenal
Tools
About

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational

COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

03:02:15 PM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

// cve detail

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources
Events
Certificates
Arsenal
Tools
About

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational

CVE-2026-28742 | COSMOS

COSMOS INTELLIGENCE SYSTEM·NVD SYNC: IDLE·KEV: 0 ENTRIES·RATE: 0/HR0%·LAST SYNC:

03:02:16 PM NPT

Intelligence News Scholarships Blog Resources Events Certificates Arsenal Tools About

LIVE

All intelligence

// vulnerability record

cached · NVD via COSMOS sync

CVE-2026-28742

CRITICAL

published 2026-06-12 19:16 UTC · 13 days ago · modified 2026-06-16 15:37 UTC

9.2

CVSS / 10

// description

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys, server-side nonce tracking, or replay protections. Combined with the system’s use of plain HTTP for control-plane traffic, the construction enables broad request forgery and impersonation across the platform.

// cvss 4.0 vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

// weaknesses (CWE)

CWE-321

// references (2)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02

Cybersecurity intelligence, research, and operational infrastructure.

Platform

Home
Intelligence
News
Digest
Scholarships
Blog
Resources

Connect

GitHub
LinkedIn
Email

© 2026 COSMOS. Built in public.// all systems operational