CVE-2025-26408— Unprotected JTAG Interface
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-26408
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unprotected JTAG Interface
Source: NVD (National Vulnerability Database)
Vulnerability Description
The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1191
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wattsense Bridge 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Wattsense Bridge是Wattsense公司的一款直观且功能强大的物联网网关。 Wattsense Bridge存在安全漏洞。攻击者利用该漏洞可以提取信息、修改和调试设备的固件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Wattsense | Wattsense Bridge | * | - |
II. Public POCs for CVE-2025-26408
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-26408
请登录查看更多情报信息。
- Release Notes – Wattsense Support Portalrelease-notes
- Multiple vulnerabilities in Wattsense Bridge - SEC Consultthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-26408
Same Patch Batch · Wattsense · 2025-02-11 · 4 CVEs total
| CVE-2025-26409 | Access to Bootloader and Shell Over Serial Interface | |
| CVE-2025-26410 | Weak Hard-coded Credentials | |
| CVE-2025-26411 | Authenticated Arbitrary Python File Upload via Plugin Manager |
IV. Related Vulnerabilities
V. Comments for CVE-2025-26408
No comments yet