VYPR

X3500 Firmware

by Senselive

CVEs (10)

  • CVE-2026-40630CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in  SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism…

  • CVE-2026-40620CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host,…

  • CVE-2026-35503CriApr 24, 2026
    risk 0.64cvss 9.8epss 0.01

    A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page…

  • CVE-2026-27843CriApr 24, 2026
    risk 0.59cvss 9.1epss 0.01

    A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network…

  • CVE-2026-40623HigApr 24, 2026
    risk 0.53cvss 8.1epss 0.00

    A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as…

  • CVE-2026-39462HigApr 24, 2026
    risk 0.53cvss 8.1epss 0.00

    A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the…

  • CVE-2026-27841HigApr 24, 2026
    risk 0.53cvss 8.1epss 0.00

    A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF…

  • CVE-2026-35064HigApr 24, 2026
    risk 0.49cvss 7.5epss 0.00

    A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because…

  • CVE-2026-25720MedApr 24, 2026
    risk 0.35cvss 5.4epss 0.00

    A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated…

  • CVE-2026-40431MedApr 24, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker…