Primary

Context

SenseLive X3050 Cross-Site Request Forgery Vulnerability in Web Management Interface

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the web management interface of the SenseLive X3050. This issue allows state-changing operations to be executed without adequate CSRF protections. The vulnerability arises because the application fails to enforce server-side validation of request origins or implement CSRF tokens. As a result, a malicious external webpage could potentially manipulate a user's browser into sending unauthorized configuration requests to the device.

Impact

Exploitation of this vulnerability could lead to unauthorized configuration changes on the affected device.

Remediation

SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information.

Added: Apr 24, 2026, 12:32 AM

Updated: Apr 24, 2026, 12:32 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

6.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.2

remediation

0.0

relevance

6.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SenseLive X3050 Cross-Site Request Forgery Vulnerability in Web Management Interface

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating