CVE-2026-40623 HIGH

CVE-2026-40623: SenseLive X3050 Missing Authorization

Vendor Senselive
Product X3050
Weakness CWE-862 · Missing authorization
Published April 23, 2026
Last update April 24, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.

Key dates

02Disclosure timeline

April 23, 2026 CVE published
April 24, 2026 Record updated