SenseLive X3050 CVE-2026-25775

EUVD-2026-25351 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-04-24 icscert GHSA-j5pw-86cx-29xv
CVSS 4.0: 9.3

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 24, 2026 - 00:46 (vuln.today)
CVSS changed: Apr 24, 2026 - 00:22 (NVD), 9.8 (CRITICAL) to 9.3 (CRITICAL)

Description (NVD)

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

Analysis (AI)

Unauthenticated remote attackers can retrieve and replace firmware on SenseLive X3050 industrial control devices via the remote management service, which performs no authentication, authorization, or integrity validation. This allows complete device takeover by uploading malicious firmware images. …


Remediation (AI)

Within 24 hours: Identify and inventory all SenseLive X3050 devices in production and development environments; disable or restrict remote management service access via network segmentation or firewall rules. Within 7 days: Implement air-gapped or VPN-protected access to remote management functions; establish baseline firmware inventory and cryptographic hash verification procedures; escalate to vendor (SenseLive) for patch timeline and workaround guidance. …
