CVE-2026-35064
HIGHSenseLive X3050 Missing authentication for critical function
Title source: cnaDescription
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.
Scores
CVSS v3
7.5
EPSS
0.0005
EPSS Percentile
15.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
SenseLive/X3050
V1.523
Published
Apr 24, 2026
Tracked Since
Apr 24, 2026