CVE-2026-39462 CRITICAL

CVE-2026-39462: SenseLive X3050 Insufficiently Protected Credentials

Vendor Senselive
Product X3050
Weakness CWE-522 · Insufficiently protected credentials
Published April 23, 2026
Last update April 24, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly.

Key dates

02Disclosure timeline

April 23, 2026 CVE published
April 24, 2026 Record updated