Senselive
Products
2- 10 CVEs
- 3 CVEs
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40630 | Cri | 0.64 | 9.8 | 0.01 | Apr 24, 2026 | A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism… | ||
| CVE-2026-40620 | Cri | 0.64 | 9.8 | 0.01 | Apr 24, 2026 | A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host,… | ||
| CVE-2026-35503 | Cri | 0.64 | 9.8 | 0.01 | Apr 24, 2026 | A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page… | ||
| CVE-2026-25775 | Cri | 0.64 | 9.8 | 0.00 | Apr 24, 2026 | A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges,… | ||
| CVE-2026-27843 | Cri | 0.59 | 9.1 | 0.01 | Apr 24, 2026 | A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network… | ||
| CVE-2026-40623 | Hig | 0.53 | 8.1 | 0.00 | Apr 24, 2026 | A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as… | ||
| CVE-2026-39462 | Hig | 0.53 | 8.1 | 0.00 | Apr 24, 2026 | A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the… | ||
| CVE-2026-27841 | Hig | 0.53 | 8.1 | 0.00 | Apr 24, 2026 | A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF… | ||
| CVE-2026-35064 | Hig | 0.49 | 7.5 | 0.00 | Apr 24, 2026 | A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because… | ||
| CVE-2026-25720 | Med | 0.35 | 5.4 | 0.00 | Apr 24, 2026 | A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated… | ||
| CVE-2026-40431 | Med | 0.34 | 5.3 | 0.00 | Apr 24, 2026 | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker… |
- risk 0.64cvss 9.8epss 0.01
A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism…
- risk 0.64cvss 9.8epss 0.01
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host,…
- risk 0.64cvss 9.8epss 0.01
A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page…
- risk 0.64cvss 9.8epss 0.00
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges,…
- risk 0.59cvss 9.1epss 0.01
A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network…
- risk 0.53cvss 8.1epss 0.00
A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as…
- risk 0.53cvss 8.1epss 0.00
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the…
- risk 0.53cvss 8.1epss 0.00
A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF…
- risk 0.49cvss 7.5epss 0.00
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because…
- risk 0.35cvss 5.4epss 0.00
A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated…
- risk 0.34cvss 5.3epss 0.00
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker…