CVE-2025-26408

Feb. 18, 2025, 6:15 p.m.

None
No Score

Description

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected.

Product(s) Impacted

Product Versions
Wattsense Bridge
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1191
On-Chip Debug and Test Interface With Improper Access Control
The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

References

https://r.sec-consult.com/wattsense
https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes

Tags

551230f0-3615-47bd-b7cc-93e92e730bbf
CWE-1191
2025-02-11
CVE-2025-26408

Timeline

Published: Feb. 11, 2025, 10:15 a.m.
Last Modified: Feb. 18, 2025, 6:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

551230f0-3615-47bd-b7cc-93e92e730bbf

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.