Back to search
CVE-2025-26411
Published: Feb 11, 2025
Modified: Nov 3, 2025
PUBLISHED
Description
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface to be able to conduct this attack. This issue is fixed in recent firmware versions BSP >= 6.1.0.
| Vendor | Product | Versions |
|---|---|---|
Wattsense | Wattsense Bridge | affected 0 - < 6.1.0 |
Weaknesses (CWE)
References
https://r.sec-consult.com/wattsense
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now