Description
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.
Published: 2026-04-24
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Device Discovery
Action: Assess Impact
AI Analysis

Impact

The vulnerability allows an unauthenticated attacker to discover deployed SenseLive X3050 units via the management protocol. The attacker can enumerate device presence, identifiers, and management interfaces without credentials, because the discovery function is not gated by authentication. The weakness is missing authentication for a critical function (CWE-306); it may lead to information disclosure and facilitate further network reconnaissance.

Affected Systems

The affected product is SenseLive X3050. No specific firmware or configuration version is listed, so all instances of the management ecosystem are potentially impacted. The vulnerability exists in the vendor’s management protocol used by the device.

Risk and Exploitability

With a CVSS score of 8.7, the vulnerability is considered high severity. The EPSS of less than 1% indicates a very low probability of exploitation at the time of analysis, and the vulnerability is not listed in CISA’s KEV catalog. Inferred from the description, the attack requires an attacker to be on the same network segment as the device, and the exploitation path involves sending discovery requests through the exposed service. The impact is primarily information disclosure, which can serve as a prerequisite for further lateral movement or device compromise.

Generated by OpenCVE AI on April 28, 2026 at 14:30 UTC.

Remediation

Vendor Solution

SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact


OpenCVE Recommended Actions

  • Identify whether SenseLive X3050 devices are present in your environment.
  • Contact SenseLive for the latest mitigation guidance or product updates.
  • Apply network segmentation or firewall rules to restrict the management protocol to authorized subnets, blocking discovery traffic from untrusted networks.



Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:45:00 +0000

Values added (none removed):

  • First Time appeared: Senselive x3500; Senselive x3500 Firmware
  • CPEs: cpe:2.3:h:senselive:x3500:-:*:*:*:*:*:*:*; cpe:2.3:o:senselive:x3500_firmware:1.523:*:*:*:*:*:*:*
  • Vendors & Products: Senselive x3500; Senselive x3500 Firmware

Tue, 28 Apr 2026 09:45:00 +0000

Values added (none removed):

  • First Time appeared: Senselive; Senselive x3050
  • Vendors & Products: Senselive; Senselive x3050

Fri, 24 Apr 2026 14:15:00 +0000

Values added (none removed):

  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 24 Apr 2026 00:15:00 +0000

Values added (none removed):

  • Description: A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network segment can rapidly enumerate targeted devices.
  • Title: SenseLive X3050 Missing authentication for critical function
  • Weaknesses: CWE-306
  • References
  • Metrics:
    cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
    cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-24T13:09:10.289Z

Reserved: 2026-04-14T15:57:14.994Z

Link: CVE-2026-35064

Vulnrichment

Updated: 2026-04-24T13:09:06.844Z

NVD

Status: Analyzed

Published: 2026-04-24T00:16:27.967

Modified: 2026-04-28T19:33:33.883

Link: CVE-2026-35064

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T14:45:16Z

Weaknesses
  • CWE-306: Missing Authentication for Critical Function