


Perceptive Security
SOC/SIEM Consultancy

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) …
Published:
23 April 2026 at 22:00:00
Alert date:
24 April 2026 at 01:03:27
Source:
nvd.nist.gov
Mobile & IoT, Web Technologies, Critical Infrastructure
A Cross-Site Request Forgery (CSRF) vulnerability in SenseLive X3050's web management interface allows unauthorized state-changing operations. The application lacks proper CSRF protections, including server-side validation of request origin and CSRF tokens. This enables malicious external webpages to cause a user's browser to submit unauthorized configuration requests to the device. The flaw affects the web management interface specifically and could lead to unauthorized device configuration changes. This is classified as a high-severity vulnerability affecting IoT device management systems.
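The two server-side checks the description names as missing, request-origin validation and a CSRF token, sketched as an added example; this is not SenseLive's code and not taken from the advisory. The function names, the `192.0.2.10` management address, the demo key and the HMAC-of-session-ID token design are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change device state

def issue_csrf_token(server_key, session_id):
    """Per-session token the server embeds in the forms it serves itself."""
    return hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()

def _origin_of(url):
    """Reduce an Origin or Referer value to scheme://host[:port], or None."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None  # covers the literal "null" origin and malformed values
    return f"{parts.scheme}://{parts.netloc}".lower()

def allow_request(method, headers, session_id, submitted_token, *,
                  server_key, trusted_origin):
    """Return (allowed, reason) for one request to the management interface."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    # Check 1: the request must come from the interface's own origin.
    source = h.get("origin") or h.get("referer")
    if source is None:
        return False, "no Origin or Referer"
    if _origin_of(source) != trusted_origin.lower():
        return False, "cross-origin request"
    # Check 2: a token bound to this session, compared in constant time.
    expected = issue_csrf_token(server_key, session_id)
    if not submitted_token or not hmac.compare_digest(
            expected.encode(), submitted_token.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"

if __name__ == "__main__":
    key, sid = b"constructed-demo-key", "sess-1"   # constructed sample values
    mgmt = "https://192.0.2.10"                    # assumed device origin
    token = issue_csrf_token(key, sid)
    samples = [  # constructed requests: (method, headers, token)
        ("POST", {"Origin": "https://other-site.example"}, None),
        ("POST", {"Origin": mgmt}, None),
        ("POST", {"Referer": mgmt + "/config.html"}, token),
    ]
    for method, hdrs, tok in samples:
        print(method, hdrs, allow_request(
            method, hdrs, sid, tok, server_key=key, trusted_origin=mgmt))
```
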
Technical details
Mitigation steps:
Affected products:
SenseLive X3050
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-27841
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json
https://senselive.io/contact
https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
