Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-26408
PUBLISHED
More InfoOfficial Page
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
View Known Exploited Vulnerability (KEV) details
Published At-11 Feb, 2025 | 09:14
Updated At-03 Nov, 2025 | 21:12
Rejected At-
▼CVE Numbering Authority (CNA)
Unprotected JTAG Interface

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected.

Affected Products
Vendor
Wattsense
Product
Wattsense Bridge
Default Status
affected
Versions
Affected
  • *
Problem Types
TypeCWE IDDescription
CWECWE-1191CWE-1191 On-Chip Debug and Test Interface With Improper Access Control
Type: CWE
CWE ID: CWE-1191
Description: CWE-1191 On-Chip Debug and Test Interface With Improper Access Control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-702CAPEC-702 Exploiting Incorrect Chaining or Granularity of Hardware Debug Components
CAPEC ID: CAPEC-702
Description: CAPEC-702 Exploiting Incorrect Chaining or Granularity of Hardware Debug Components
Solutions

The device is meant to be installed at a restricted access physical location according to the vendor and exploitation requires more attacker knowledge and higher physical access. The issue will be put in the backlog of the Wattsense team.

Configurations
Workarounds
Exploits
Credits
finder
Constantin Schieber-Knöbl | SEC Consult Vulnerability Lab
finder
Stefan Schweighofer | SEC Consult Vulnerability Lab
finder
Steffen Robertz | SEC Consult Vulnerability Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/wattsense
third-party-advisory
https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes
release-notes
Hyperlink: https://r.sec-consult.com/wattsense
Resource:
third-party-advisory
Hyperlink: https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes
Resource:
release-notes
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2025/Feb/9
N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Feb/9
Resource: N/A
Details not found