CVE-2026-35503
CRITICALSenseLive X3050 Use of Hard-coded Credentials
Title source: cnaDescription
A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality.
Scores
CVSS v3
9.8
EPSS
0.0006
EPSS Percentile
19.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
SenseLive/X3050
V1.523
Published
Apr 24, 2026
Tracked Since
Apr 24, 2026