Description
A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor-supplied or compatible client.
Published: 2026-04-24
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Administrative Control
Action: Apply Mitigation
AI Analysis

Impact

A flaw in the embedded management service of SenseLive X3050 permits any host that can reach the device to connect to the config application without needing authentication or authorization. The vulnerability allows unrestricted changes to critical configuration parameters, operational modes, and device state. The secured administrative interface is effectively bypassed, giving an attacker full control over the impacted device.

Affected Systems

The vulnerability affects the SenseLive X3050 series. No specific firmware or version ranges are recorded in the data, so all deployed units of this model are potentially impacted.

Risk and Exploitability

With a CVSS score of 9.3 the flaw is considered critical. The EPSS score is below 1 %, indicating a low probability of exploitation at the time of analysis, and the issue is not currently listed in CISA’s KEV catalog. Nevertheless, the likely attack vector is local network exposed with no authentication to the management service, allowing an attacker who can reach the device to immediately take administrative control. The weakness is categorized as CWE‑306 (Missing Authentication).

Generated by OpenCVE AI on April 28, 2026 at 23:49 UTC.

Remediation

Vendor Solution

SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information. https://senselive.io/contact

OpenCVE Recommended Actions

  • Contact SenseLive support through their contact page (https://senselive.io/contact) to request an official firmware update or workaround for the authentication issue.
  • Restrict access to the embedded management service by configuring firewall rules or network segmentation to allow only trusted hosts or IP ranges, thereby preventing unauthorized management connections.
  • Implement monitoring or intrusion detection to alert on unexpected management protocol traffic, and review logs for signs of unauthorized configuration attempts.

Generated by OpenCVE AI on April 28, 2026 at 23:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Senselive x3500
Senselive x3500 Firmware
CPEs cpe:2.3:h:senselive:x3500:-:*:*:*:*:*:*:*
cpe:2.3:o:senselive:x3500_firmware:1.523:*:*:*:*:*:*:*
Vendors & Products Senselive x3500
Senselive x3500 Firmware

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Senselive
Senselive x3050
Vendors & Products Senselive
Senselive x3050

Fri, 24 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor-supplied or compatible client.
Title SenseLive X3050 Missing authentication for critical function
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Senselive X3050 X3500 X3500 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-04-24T13:09:37.232Z

Reserved: 2026-04-14T15:57:14.990Z

Link: CVE-2026-40620

cve-icon Vulnrichment

Updated: 2026-04-24T13:09:33.665Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T00:16:28.690

Modified: 2026-04-28T19:32:56.537

Link: CVE-2026-40620

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T00:00:13Z

Weaknesses