CVE-2025-26411 – Wattsense Bridge Remote Code Execution Vulnerability

The following table lists the changes that have been made to the CVE-2025-26411 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Feb. 11, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-434
  • New CVE Received by 551230f0-3615-47bd-b7cc-93e92e730bbf

    Feb. 11, 2025

    Action Type Old Value New Value
    Added Description An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface to be able to conduct this attack. This issue is fixed in recent firmware versions BSP >= 6.1.0.
    Added CWE CWE-434
    Added Reference https://r.sec-consult.com/wattsense
    Added Reference https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes

نوشته های مشابه

CVE-2024-10644 – Ivanti Connect Secure and Ivanti Policy Secure Code Injection Vulnerability

CVE-2024-47908 – Ivanti CSA OS Command Injection Vulnerability

CVE-2025-22467 – Ivanti Connect Secure Stack-Based Buffer Overflow Vulnerability

CVE-2025-24896 – Misskey Persistent Authentication Token Vulnerability