Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality.
AnalysisAI
Client-side authentication bypass in SenseLive X3050's web management interface allows remote unauthenticated attackers to gain full administrative access by extracting hardcoded credentials from browser-executed JavaScript. The vulnerability enables complete compromise of device management with zero technical barriers (CVSS 9.3, AV:N/AC:L/PR:N). CISA ICS-CERT has published an advisory, indicating this affects operational technology environments where administrative access to industrial sensors could enable process manipulation or monitoring disruption.
Technical ContextAI
This vulnerability stems from a critical authentication anti-pattern (CWE-798: Use of Hard-coded Credentials) where the SenseLive X3050 web management interface implements authentication logic entirely in client-side JavaScript. The login mechanism relies on hardcoded credentials or authentication tokens embedded in browser-executed scripts rather than performing server-side credential verification. When a user accesses the login page, the authentication parameters are delivered to the browser where they can be extracted through simple inspection of JavaScript source code or network traffic. This architectural flaw violates fundamental security principles that authentication decisions must occur on trusted server-side components, not within attacker-controllable client environments. The CPE identifier (cpe:2.3:a:senselive:x3050) indicates this affects the SenseLive X3050 product line, an industrial monitoring device commonly deployed in operational technology (OT) and critical infrastructure environments.
RemediationAI
Organizations must immediately restrict network access to SenseLive X3050 web management interfaces as an emergency compensating control while awaiting vendor remediation. Implement strict network segmentation to prevent any untrusted network access to the management interface - place devices behind firewalls allowing access only from dedicated management VLANs or jump hosts with IP address whitelisting. Deploy application-layer authentication proxies (such as reverse proxies with OAuth/SAML enforcement) in front of the vulnerable interface to add server-side authentication that the device lacks natively, though this adds operational complexity and potential performance impact. Monitor all access attempts to X3050 management interfaces through network traffic analysis and log correlation to detect exploitation attempts characterized by successful authentication without corresponding legitimate credential use. Contact SenseLive directly via https://senselive.io/contact to request emergency patch timeline and interim security guidance. Review the complete CISA advisory at https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12 for additional vendor-specific mitigations. For devices that cannot be isolated, consider temporarily disabling the web management interface entirely if alternative management methods (serial console, local configuration) are available, accepting the operational trade-off of reduced remote manageability for elimination of critical exposure.
Unauthenticated remote attackers can retrieve and replace firmware on SenseLive X3050 industrial control devices via the
SenseLive X3050's embedded management service grants full administrative control to unauthenticated remote attackers. Th
Authentication bypass in SenseLive X3050 web management interface allows remote unauthenticated attackers to gain admini
Remote unauthenticated attackers can permanently disable SenseLive X3050 industrial gateways and connected RS-485 downst
Unauthenticated network discovery in SenseLive X3050 management ecosystem exposes device presence, identifiers, and mana
Cross-Site Request Forgery in SenseLive X3050's web management interface enables authenticated attackers to force victim
Unauthorized configuration tampering in SenseLive X3050 web management interface allows authenticated attackers to set c
SenseLive X3050 web management interface transmits all administrative communication including authentication credentials
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25359
GHSA-44q2-xjg6-chh9