CVE-2026-40620
CRITICALSenseLive X3050 Missing authentication for critical function
Title source: cnaDescription
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor-supplied or compatible client.
Scores
CVSS v3
9.8
EPSS
0.0007
EPSS Percentile
20.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
SenseLive/X3050
V1.523
Published
Apr 24, 2026
Tracked Since
Apr 24, 2026