Senselive X3050 vulnerabilities
11 known vulnerabilities affecting senselive/x3050.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH4MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-40630P2CRITICALCVSS 9.8vV1.5232026-04-24
CVE-2026-40630 [CRITICAL] CWE-288 CVE-2026-40630: A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certa
A vulnerability in
SenseLive
X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.
nvd
CVE-2026-35503P2CRITICALCVSS 9.8vV1.5232026-04-24
CVE-2026-35503 [CRITICAL] CWE-798 CVE-2026-35503: A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be perf
A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to ad
nvd
CVE-2026-40620P2CRITICALCVSS 9.8vV1.5232026-04-24
CVE-2026-40620 [CRITICAL] CWE-306 CVE-2026-40620: A vulnerability in SenseLive X3050’s embedded management service allows full administrative control
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, op
nvd
CVE-2026-25775P2CRITICALCVSS 9.8vV1.5232026-04-24
CVE-2026-25775 [CRITICAL] CWE-306 CVE-2026-25775: A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.
nvd
CVE-2026-27843P2CRITICALCVSS 9.1vV1.5232026-04-24
CVE-2026-27843 [CRITICAL] CWE-306 CVE-2026-27843: A vulnerability exists in SenseLive X3050's web management interface that allows critical configurat
A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can induce a persistent lockout state. Because the devic
nvd
CVE-2026-39462P3HIGHCVSS 8.1vV1.5232026-04-24
CVE-2026-39462 [HIGH] CWE-522 CVE-2026-39462: A vulnerability exists in SenseLive X3050’s web management interface in which password updates are n
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system
nvd
CVE-2026-35064P3HIGHCVSS 7.5vV1.5232026-04-24
CVE-2026-35064 [HIGH] CWE-306 CVE-2026-35064: A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deploy
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by a
nvd
CVE-2026-40623P3HIGHCVSS 8.1vV1.5232026-04-24
CVE-2026-40623 [HIGH] CWE-862 CVE-2026-40623: A vulnerability in SenseLive X3050's web management interface allows critical system and network con
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be
nvd
CVE-2026-27841P3HIGHCVSS 8.1vV1.5232026-04-24
CVE-2026-27841 [HIGH] CWE-352 CVE-2026-27841: A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be
A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user's browser to submit unau
nvd
CVE-2026-25720P3MEDIUMCVSS 5.4vV1.5232026-04-24
CVE-2026-25720 [MEDIUM] CWE-613 CVE-2026-25720: A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifeti
A vulnerability exists in SenseLive
X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continue interacting with administrative functions long after
nvd
CVE-2026-40431P4MEDIUMCVSS 5.3vV1.5232026-04-24
CVE-2026-40431 [MEDIUM] CWE-319 CVE-2026-40431: A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencryp
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive
nvd