CVE-2026-40431

MEDIUM

SenseLive X3050 Cleartext transmission of sensitive information

Title source: cna
STIX 2.1

Description

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive operational information.

References (3)

Core 3

Scores

CVSS v3 5.3
EPSS 0.0019
EPSS Percentile 8.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-319
Status published
Products (2)
SenseLive/X3050 V1.523
senselive/x3500_firmware 1.523
Published Apr 24, 2026
Tracked Since Apr 24, 2026