Primary

Context

SenseLive X3050 Missing Authentication Vulnerability in Remote Management Service

Vulnerability

A vulnerability exists in the SenseLive X3050 remote management service, allowing firmware retrieval and update operations to be conducted without authentication or authorization. The service accepts firmware-related requests from any reachable host and fails to verify user privileges, the integrity of uploaded images, or the authenticity of the provided firmware. This vulnerability affects SenseLive X3050 version 1.523.

Impact

Exploitation of this vulnerability could allow an attacker to gain complete control of the device.

Remediation

SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information.

Added: Apr 24, 2026, 12:33 AM

Updated: Apr 24, 2026, 12:33 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

6.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

6.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SenseLive X3050 Missing Authentication Vulnerability in Remote Management Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating