During WiFi association, Naxclow device firmware prints the host networkβs SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanationCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2 reference(s) from NVD