CVE-2025-26408

{"id": "CVE-2025-26408", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2025-02-11T10:15:09.617", "references": [{"url": "https://r.sec-consult.com/wattsense", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-1191"}]}], "descriptions": [{"lang": "en", "value": "The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected."}, {"lang": "es", "value": "Se puede acceder a la interfaz JTAG de los dispositivos Wattsense Bridge mediante acceso f\u00edsico a la PCB. Despu\u00e9s de conectarse a la interfaz, es posible acceder por completo al dispositivo. Esto permite a un atacante extraer informaci\u00f3n, modificar y depurar el firmware del dispositivo. Todas las versiones conocidas se ven afectadas."}], "lastModified": "2025-03-22T15:15:38.687", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}