Physical Access Vulnerability in Wattsense Bridge Devices
CVE-2025-26409
6.8 MEDIUM
What is CVE-2025-26409?
A vulnerability in Wattsense Bridge devices exposes the serial interface on the PCB to unauthorized physical access. A person with physical access to the device can connect to this interface and reach the bootloader and a Linux login prompt. Exploiting this access can result in a root shell on the device. Wattsense has addressed the issue in firmware versions BSP 6.4.1 and above, so devices should be kept updated to one of those versions.
Affected Version(s)
Wattsense Bridge 0 < 6.4.1
References
CVSS V3.1
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Constantin Schieber-Knöbl | SEC Consult Vulnerability Lab
Stefan Schweighofer | SEC Consult Vulnerability Lab
Steffen Robertz | SEC Consult Vulnerability Lab
