Description
A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continue interacting with administrative functions long after legitimate user activity has ceased.
Published: 2026-04-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized persistent administrative access
Action: Contact vendor
AI Analysis

Impact

A flaw in the session management of the SenseLive X3050 web interface allows authenticated sessions to remain active for longer than intended, meaning that an attacker who has already logged in can continue to use the interface without re‑authentication. This leads to the possibility of performing additional administrative actions, modifying configuration settings, or viewing sensitive information for an extended period.

Affected Systems

The vulnerability affects the SenseLive X3050 model, specifically its web management interface. No specific firmware or software versions are listed, so all installations of the X3050 are assumed to be susceptible.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. The EPSS score of less than 1% suggests that the probability of exploitation is low. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an existing authenticated session, so the attack vector is likely internal or through a compromised account. Overall risk is moderate but the likelihood of an attacker gaining sustained privileged access is considered low with current public knowledge.

Generated by OpenCVE AI on April 28, 2026 at 14:34 UTC.

Remediation

Vendor Solution

SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact


OpenCVE Recommended Actions

  • Contact SenseLive support for a patch or additional guidance
  • If possible, configure the device to enforce a shorter session timeout or require re‑authentication after a defined period
  • Set up monitoring and logging of administrative activity to detect and respond to anomalous or unauthorized actions

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Senselive x3500, Senselive x3500 Firmware |
| CPEs | | `cpe:2.3:h:senselive:x3500:-:*:*:*:*:*:*:*`, `cpe:2.3:o:senselive:x3500_firmware:1.523:*:*:*:*:*:*:*` |
| Vendors & Products | | Senselive x3500, Senselive x3500 Firmware |

Tue, 28 Apr 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Senselive, Senselive x3050 |
| Vendors & Products | | Senselive, Senselive x3050 |

Fri, 24 Apr 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |

Fri, 24 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continue interacting with administrative functions long after legitimate user activity has ceased. |
| Title | | SenseLive X3050 Insufficient session expiration |
| Weaknesses | | CWE-613 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}`; cvssV4_0: `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}` |

MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-24T13:11:12.953Z

Reserved: 2026-04-14T16:05:54.140Z

Link: CVE-2026-25720

Vulnrichment

Updated: 2026-04-24T13:11:09.221Z

NVD

Status: Analyzed

Published: 2026-04-24T00:16:26.577

Modified: 2026-04-28T19:31:49.597

Link: CVE-2026-25720

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T14:45:16Z

Weaknesses