CVE-2026-25775
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges or the integrity of uploaded images.
Risk Assessment
The lack of authorization in firmware update operations poses a risk of unauthorized access to the system, potentially leading to the introduction of malicious software or data loss.
Recommendation
It is recommended to implement authentication and authorization mechanisms for the remote management service and to monitor and restrict access to this service only to trusted hosts.
Original NVD description (English source)
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

