CVE Catalog

CVE-2026-25775

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

32th percentile — higher than 32% of all known CVEs

Summary

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges or the integrity of uploaded images.

Risk Assessment

The lack of authorization in firmware update operations poses a risk of unauthorized access to the system, potentially leading to the introduction of malicious software or data loss.

Recommendation

It is recommended to implement authentication and authorization mechanisms for the remote management service and to monitor and restrict access to this service only to trusted hosts.

Original NVD description (English source)

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS