CVE-2025-26408

Unprotected JTAG Interface

CVSS 6.1 MEDIUMEPSS 0.3%CWE-1191

In short

The JTAG debug port on Wattsense Bridge devices is not protected, allowing anyone with physical access to the circuit board to take complete control of the device, extract sensitive data, or alter its firmware.

Technical detail

An unprotected JTAG interface exposes the device to unauthorized access via direct PCB connection, enabling firmware extraction, modification, and debugging without authentication. This requires physical access to the device but grants full system compromise across all affected versions.

Summary generated and translated by AI from the official description.

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected.

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Wattsense · Wattsense Bridge

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2025/Feb/9 https://r.sec-consult.com/wattsense https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes