Skip to main content

X3500 Firmware

2 CVEs product

Monthly

CVE-2026-40630 CRITICAL CISA Emergency

Remote unauthenticated attackers can bypass authentication and access sensitive configuration endpoints in SenseLive X3050's web management interface. The vulnerability enables complete device compromise without credentials due to improper access control enforcement (CWE-288). Reported by ICS-CERT and published in CISA advisory ICSA-26-111-12, this affects operational technology environments where the X3050 is deployed. With CVSS 9.3 (Critical) and network attack vector requiring no privileges or user interaction (AV:N/AC:L/PR:N/UI:N), this presents immediate risk to internet-exposed or network-accessible devices.

Authentication Bypass X3500 Firmware
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-25720 MEDIUM CISA This Month

Improper session lifetime enforcement in SenseLive X3050's web management interface allows attackers with access to a previously authenticated session to maintain administrative access without re-authentication, potentially enabling unauthorized configuration changes or information disclosure. The vulnerability affects the product's session management mechanism, permitting extended session validity beyond legitimate user activity windows. CVSS 6.9 indicates moderate risk; exploitation requires prior session compromise but no special configuration.

Information Disclosure X3500 Firmware
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 9.3
CRITICAL Emergency

Remote unauthenticated attackers can bypass authentication and access sensitive configuration endpoints in SenseLive X3050's web management interface. The vulnerability enables complete device compromise without credentials due to improper access control enforcement (CWE-288). Reported by ICS-CERT and published in CISA advisory ICSA-26-111-12, this affects operational technology environments where the X3050 is deployed. With CVSS 9.3 (Critical) and network attack vector requiring no privileges or user interaction (AV:N/AC:L/PR:N/UI:N), this presents immediate risk to internet-exposed or network-accessible devices.

Authentication Bypass X3500 Firmware
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

Improper session lifetime enforcement in SenseLive X3050's web management interface allows attackers with access to a previously authenticated session to maintain administrative access without re-authentication, potentially enabling unauthorized configuration changes or information disclosure. The vulnerability affects the product's session management mechanism, permitting extended session validity beyond legitimate user activity windows. CVSS 6.9 indicates moderate risk; exploitation requires prior session compromise but no special configuration.

Information Disclosure X3500 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy