JTAG Interface Vulnerability in Wattsense Bridge Devices
CVE-2025-26408

6.1MEDIUM

Key Information:

Vendor: Wattsense
Status: Wattsense Bridge
Vendor: CVE Published:; 11 February 2025

What is CVE-2025-26408?

Wattsense Bridge devices are susceptible to a vulnerability that allows attackers with physical access to the printed circuit board (PCB) to exploit the JTAG interface. This access permits full control over the device, enabling the extraction of sensitive information, as well as the modification and debugging of the device's firmware. The vulnerability impacts all known versions of the Wattsense Bridge, making it essential for users to take appropriate security measures.

Affected Version(s)

Wattsense Bridge *

References

https://r.sec-consult.com/wattsense

third-party-advisory

https://support.wattsense.com/hc/en-150/articles/13366066...

release-notes

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Feb 10, 2025

Credit

Constantin Schieber-Knöbl | SEC Consult Vulnerability Lab

Stefan Schweighofer | SEC Consult Vulnerability Lab

Steffen Robertz | SEC Consult Vulnerability Lab

JSON