PT-2025-6175 · Wattsense · Wattsense Bridge

Constantin Schieber-Knöbl +2 · Published 2025-02-11 · Updated 2025-02-16

CVE-2025-26411

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.1.0

Description: An authenticated attacker can use the Plugin Manager of the web interface to upload malicious Python files, enabling remote root access to the device. The attacker needs a valid user account on the Wattsense web interface to conduct this attack.

Recommendations: Update devices running versions prior to 6.1.0 to a firmware version BSP >= 6.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the Plugin Manager or disabling the upload of Python files until the update is applied.

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-26411

Affected Products

Wattsense Bridge