CVE 9.3 CRITICAL

SenseLive X3050 Insufficiently Protected Credentials_CVE-2026-39462

April 23, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly.

AI Analysis

Insufficiently protected credentials in SenseLive X3050’s web management interface due to improper handling of credential changes on the backend.

Basic Information

ID CVE-2026-39462

Source icscert

Published Apr 23, 2026 at 23:52

Affected Product

Vendor SenseLive

Product X3050

Version V1.523

Affected Versions SenseLive X3050 V1.523

CWE Classification

CWE-522

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor SenseLive

Product SenseLive X3050

Version V1.523

References

{
    "lastseen": "",
    "description": "A vulnerability exists in SenseLive X3050\u2019s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default credentials, demonstrating that the password-change process is not consistently enforced. Even after a factory reset, attempted password changes may fail to propagate correctly.",
    "published": "2026-04-23T23:52:16.129Z",
    "modified": "2026-04-23T23:52:16.129Z",
    "type": "cve",
    "title": "SenseLive X3050 Insufficiently Protected Credentials",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12\nhttps://senselive.io/contact\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json",
    "id": "CVE-2026-39462",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "SenseLive X3050 V1.523",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "X3050",
    "version": "V1.523",
    "vendor": "SenseLive",
    "ai_description": "Insufficiently protected credentials in SenseLive X3050\u2019s web management interface due to improper handling of credential changes on the backend.",
    "ai_severity": "Critical",
    "ai_vendor": "SenseLive",
    "ai_product": "SenseLive X3050",
    "ai_version": "V1.523",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply