PT-2025-6174 · Wattsense · Wattsense Bridge

Constantin Schieber-Knöbl +2 · Published 2025-02-11 · Updated 2025-02-16 · CVE-2025-26410

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.4.1
Description: The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface.
Recommendations: For Wattsense Bridge versions prior to 6.4.1, update the firmware to version 6.4.1 or later to remove the backdoor user and hard-coded credentials. As a temporary workaround, consider restricting access to the serial interface to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers: CVE-2025-26410

Affected Products: Wattsense Bridge