What is the severity of CVE-2025-26410?

CVE-2025-26410 is considered a high severity vulnerability due to the use of hard-coded credentials that can be exploited for unauthorized access.

How do I fix CVE-2025-26410?

To fix CVE-2025-26410, users should update their Wattsense Bridge devices to the latest firmware version that addresses the hard-coded credential issue.

Which devices are affected by CVE-2025-26410?

CVE-2025-26410 affects all versions of Wattsense Bridge devices up to version 6.4.1.

What happens if CVE-2025-26410 is exploited?

Exploitation of CVE-2025-26410 can lead to unauthorized access to the device, allowing attackers to manipulate or gather sensitive information.

Is there a known exploit for CVE-2025-26410?

As of now, there are no publicly disclosed exploits specifically targeting CVE-2025-26410, but the hard-coded credentials make it a considerable risk.

Vulnerability/
CVE-2025-26410

critical

9.8

CWE

798

EPSS

0.066%

11/2/2025

18/3/2025

CVE-2025-26410: Weak Hard-coded Credentials

First published: Tue Feb 11 2025(Updated: )

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP >= 6.4.1.

Credit: 551230f0-3615-47bd-b7cc-93e92e730bbf

Affected Software	Affected Version	How to fix
Wattsense Bridge	<6.4.1

Remedy

This issue is fixed in recent firmware versions BSP >= 6.4.1.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-26410?
CVE-2025-26410 is considered a high severity vulnerability due to the use of hard-coded credentials that can be exploited for unauthorized access.
How do I fix CVE-2025-26410?
To fix CVE-2025-26410, users should update their Wattsense Bridge devices to the latest firmware version that addresses the hard-coded credential issue.
Which devices are affected by CVE-2025-26410?
CVE-2025-26410 affects all versions of Wattsense Bridge devices up to version 6.4.1.
What happens if CVE-2025-26410 is exploited?
Exploitation of CVE-2025-26410 can lead to unauthorized access to the device, allowing attackers to manipulate or gather sensitive information.
Is there a known exploit for CVE-2025-26410?
As of now, there are no publicly disclosed exploits specifically targeting CVE-2025-26410, but the hard-coded credentials make it a considerable risk.

collector/mitre-cve
source/MITRE
agent/remedy
agent/weakness
agent/title
agent/references
agent/description
agent/first-publish-date
agent/type
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
agent/author
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/event
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/wattsense
canonical/wattsense bridge

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.