CVE-2026-40623— SenseLive X3050 Missing Authorization

CVSS 8.1 · High EPSS 0.03% · P10 Updated Apr 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-40623

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

SenseLive X3050 Missing Authorization

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These configuration changes directly affect core device behaviour and recovery mechanisms. The lack of proper validation and safeguards allows critical system functions to be altered in a manner that can destabilize device operation or render the device persistently unavailable.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

SenseLive X3050 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SenseLive X3050是日本SenseLive公司的一款面向物联网场景的数据采集与环境监测设备。 SenseLive X3050存在安全漏洞，该漏洞源于对关键系统及网络配置参数的修改缺乏充分验证和安全控制，可能导致攻击者将IP地址、看门狗定时器、重连间隔和服务端口等参数设置为不支持或不安全的值，从而破坏设备操作稳定性或导致设备持续不可用。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SenseLive	X3050	V1.523	-

II. Public POCs for CVE-2026-40623

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-40623

请登录查看更多情报信息。

Same Patch Batch · SenseLive · 2026-04-23 · 7 CVEs total

CVE-2026-40630	9.8 CRITICAL	SenseLive X3050 Authentication bypass using an alternate path or channel
CVE-2026-35503	9.8 CRITICAL	SenseLive X3050 Use of Hard-coded Credentials
CVE-2026-27843	9.1 CRITICAL	SenseLive X3050 Missing authentication for critical function
CVE-2026-39462	8.1 HIGH	SenseLive X3050 Insufficiently Protected Credentials
CVE-2026-25720	5.4 MEDIUM	SenseLive X3050 Insufficient session expiration
CVE-2026-40431	5.3 MEDIUM	SenseLive X3050 Cleartext transmission of sensitive information

IV. Related Vulnerabilities

Same product: X3050

Same vendor: SenseLive

Same weakness: CWE-862

V. Comments for CVE-2026-40623

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-40623— SenseLive X3050 Missing Authorization

I. Basic Information for CVE-2026-40623

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-40623

III. Intelligence Information for CVE-2026-40623

Same Patch Batch · SenseLive · 2026-04-23 · 7 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-40623

Leave a comment