SenseLive X3050 CVE-2026-40620

EUVD-2026-25362 | GHSA-3jcw-ch7p-f8v8
Severity: CRITICAL (CVSS 4.0 score 9.3)
Weakness: Missing Authentication for Critical Function (CWE-306)
Published: 2026-04-24 (source: icscert)

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Apr 24, 2026 - 00:45 (vuln.today): Analysis generated
Apr 24, 2026 - 00:22 (NVD): CVSS changed, 9.8 (CRITICAL) → 9.3 (CRITICAL)

Description (NVD)

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor-supplied or compatible client.

Analysis (AI)

SenseLive X3050's embedded management service grants full administrative control to unauthenticated remote attackers. The CVSS 4.0 score of 9.3, with a network attack vector (AV:N), low attack complexity (AC:L), and no privileges required (PR:N), confirms that any network-reachable host can achieve complete device compromise. …


Remediation (AI)

Within 24 hours: Identify and inventory all SenseLive X3050 devices using network scanning; isolate affected devices to air-gapped or segmented networks with restricted access controls. Within 7 days: Implement network-layer access restrictions (firewall rules, VLANs) to block all inbound connections to the management service on affected devices; document baseline device configurations for integrity monitoring. …
