SenseLive X3050 Web Management Interface Vulnerability Allowing Unauthorized Configuration Changes and Denial-of-Service
Vulnerability
A vulnerability in the web management interface of the SenseLive X3050 gateway allows critical configuration parameters to be altered without proper authentication or server-side validation. The issue can be exploited by applying unsupported or disruptive values to recovery mechanisms and network settings, which leaves the device in a persistent lockout state. Because the device has no physical reset button, recovery requires specialized technical access via the console to perform a factory reset. The result is a total denial-of-service for the gateway and its connected RS-485 downstream systems.
Impact
Exploitation of this vulnerability can result in unauthorized configuration changes, causing a persistent lockout state on the device. This lockout disrupts the normal operation of the gateway and creates a total denial-of-service for the connected RS-485 downstream systems.
Remediation
SenseLive did not respond to CISA's requests to coordinate. Affected users are encouraged to reach out to SenseLive for more information.
