CVE-2025-26411

{"id": "CVE-2025-26411", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-02-11T10:15:09.973", "references": [{"url": "https://r.sec-consult.com/wattsense", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "http://seclists.org/fulldisclosure/2025/Feb/9", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface\u00a0to be able to conduct this attack. This issue is fixed in recent firmware versions BSP >= 6.1.0."}, {"lang": "es", "value": "Un atacante autenticado puede usar el Administrador de complementos de la interfaz web de los dispositivos Wattsense Bridge para cargar archivos Python maliciosos en el dispositivo. Esto le permite a un atacante obtener acceso remoto a la ra\u00edz del dispositivo. Un atacante necesita una cuenta de usuario v\u00e1lida en la interfaz web de Wattsense para poder llevar a cabo este ataque. Este problema se solucion\u00f3 en las versiones recientes de firmware BSP >= 6.1.0."}], "lastModified": "2025-11-03T22:18:41.583", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}