5 matches found
CVE-2025-26411
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web...
CVE-2025-26411
creationtimestamp| type| source ---|---|--- 2025-02-11 09:27:50+00:00| seen| https://infosec.exchange/users/cve/statuses/113984541162452285 2025-02-11 10:16:11+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhvgimlhwp2x 2025-02-11 16:48:30+00:00| seen|...
CVE-2025-26411 Authenticated Arbitrary Python File Upload via Plugin Manager
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web...
CVE-2025-26411 Authenticated Arbitrary Python File Upload via Plugin Manager
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web...
CVE-2025-26411
Wattsense Bridge devices are affected by CVE-2025-26411 through the web interface Plugin Manager. An authenticated attacker with a valid Wattsense web account can upload malicious Python files to the device, enabling remote root access. The vulnerability is tied to the Plugin Manager functionalit...