top of page
perceptive_background_267k.jpg

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) …

Published:

23 April 2026 at 22:00:00

Alert date:

24 April 2026 at 15:07:56

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Critical Infrastructure

A Cross-Site Request Forgery (CSRF) vulnerability exists in SenseLive X3050's web management interface. The vulnerability allows state-changing operations to be triggered without proper CSRF protections. The application lacks server-side validation of request origin and does not implement CSRF tokens. Malicious external webpages can cause user browsers to submit unauthorized configuration requests to the device. This affects the device's web management interface and could lead to unauthorized configuration changes.

Technical details

Mitigation steps:

Affected products:

SenseLive X3050

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-27841
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json
https://senselive.io/contact
https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page