Description
A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive operational information.
Published: 2026-04-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure via cleartext transmission in management interface
Action: Vendor Contact
AI Analysis

Impact

The vulnerability lies in SenseLive X3050’s web management interface, which exclusively uses unencrypted HTTP for all administrative communication. As a result, the interface transmits authentication credentials, configuration data, and other sensitive operational information in cleartext. An attacker who can observe traffic on the same network segment could intercept and decode this information, leading to confidential process data exposure and potential credential compromise, thereby violating confidentiality.

Affected Systems

The affected product is SenseLive X3050. No specific firmware or software version is identified beyond the product model itself, indicating that all deployments of this model are susceptible until a remediation is applied.

Risk and Exploitability

The CVSS score of 6.9 places the issue in the moderate severity range. The EPSS score of less than 1 percent suggests that exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. The attack requires network access to the management interface, implying that an attacker must already be on, or able to observe, the same local network segment. Because the data is transmitted without encryption, interception is straightforward for an attacker in this position. The risk is thus moderate, with potential for significant confidential data leakage if an adversary gains local network access.

Generated by OpenCVE AI on April 28, 2026 at 07:13 UTC.

Remediation

Vendor Solution

SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact


OpenCVE Recommended Actions

  • Restrict the web management interface using firewall or VLAN rules so that only trusted IP addresses can reach the HTTP port.
  • Contact SenseLive via the provided support channel to request a firmware update or secure management solution; consider disabling unused services as a temporary measure.
  • Deploy network monitoring or intrusion detection to detect cleartext HTTP traffic, and if possible, tunnel management traffic through a VPN or an SSL/TLS proxy to enforce encryption until a vendor patch becomes available.



Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Senselive x3500, Senselive x3500 Firmware |
| CPEs | | cpe:2.3:h:senselive:x3500:-:*:*:*:*:*:*:*, cpe:2.3:o:senselive:x3500_firmware:1.523:*:*:*:*:*:*:* |
| Vendors & Products | | Senselive x3500, Senselive x3500 Firmware |

Tue, 28 Apr 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Senselive, Senselive x3050 |
| Vendors & Products | | Senselive, Senselive x3050 |

Fri, 24 Apr 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 24 Apr 2026 00:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same network segment could intercept or observe sensitive operational information. |
| Title | | SenseLive X3050 Cleartext transmission of sensitive information |
| Weaknesses | | CWE-319 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'} |
| Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-24T18:18:43.495Z

Reserved: 2026-04-14T15:57:14.948Z

Link: CVE-2026-40431

Vulnrichment

Updated: 2026-04-24T16:50:37.658Z

NVD

Status: Analyzed

Published: 2026-04-24T00:16:28.527

Modified: 2026-04-28T19:33:07.773

Link: CVE-2026-40431

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T09:25:33Z
