CVE-2026-25775
CRITICALSenseLive X3050 Missing authentication for critical function
Title source: cnaDescription
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.
Scores
CVSS v3
9.8
EPSS
0.0007
EPSS Percentile
20.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
SenseLive/X3050
V1.523
Published
Apr 24, 2026
Tracked Since
Apr 24, 2026