Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-27843— SenseLive X3050 Missing authentication for critical function

CVSS 9.1 · Critical EPSS 0.08% · P23
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-27843

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
SenseLive X3050 Missing authentication for critical function
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can induce a persistent lockout state. Because the device lacks a physical reset button, recovery requires specialized technical access via the console to perform a factory reset, resulting in a total denial-of-service for the gateway and its connected RS-485 downstream systems.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
SenseLive X3050 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SenseLive X3050是日本SenseLive公司的一款面向物联网场景的数据采集与环境监测设备。 SenseLive X3050存在访问控制错误漏洞,该漏洞源于Web管理接口允许在缺乏充分身份验证或服务器端验证的情况下修改关键配置参数,可能导致设备持久锁定状态,由于设备缺乏物理重置按钮,恢复需要控制台专用技术访问进行出厂重置,导致网关及其连接的RS-485下游系统完全拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
SenseLiveX3050 V1.523 -

II. Public POCs for CVE-2026-27843

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-27843

Please Login to view more intelligence information

Same Patch Batch · SenseLive · 2026-04-23 · 7 CVEs total

CVE-2026-406309.8 CRITICALSenseLive X3050 Authentication bypass using an alternate path or channel
CVE-2026-355039.8 CRITICALSenseLive X3050 Use of Hard-coded Credentials
CVE-2026-394628.1 HIGHSenseLive X3050 Insufficiently Protected Credentials
CVE-2026-406238.1 HIGHSenseLive X3050 Missing Authorization
CVE-2026-257205.4 MEDIUMSenseLive X3050 Insufficient session expiration
CVE-2026-404315.3 MEDIUMSenseLive X3050 Cleartext transmission of sensitive information

IV. Related Vulnerabilities

Same product: X3050
Same vendor: SenseLive
Same weakness: CWE-306

V. Comments for CVE-2026-27843

No comments yet

Leave a comment