The vulnerability identified as CVE-2025-26410 affects Wattsense Bridge devices, which are used primarily for building automation and energy management. The root cause is the presence of hard-coded credentials for both user and root accounts embedded in the device firmware. These credentials are identical across all affected devices, making them a prime target for attackers. The user password can be recovered through offline password cracking techniques, given that the password hashes or encrypted forms are accessible. Once the credentials are obtained, an attacker can log into the device via the exposed login shell accessible through the serial interface. This interface is typically used for maintenance or debugging but is insufficiently protected in affected versions. The vulnerability allows an attacker with physical or network access to the serial interface to gain full control over the device without any authentication or user interaction. This can lead to unauthorized access, manipulation of device functions, disruption of building management systems, and potential pivoting to other networked systems. The vendor has addressed this issue by removing the backdoor user in firmware BSP version 6.4.1 and later. However, no patches or updates are available for earlier versions, and no known exploits have been reported in the wild yet. The CVSS v3.1 score of 9.8 reflects the vulnerability's critical nature, with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.

For European organizations, the impact of this vulnerability is significant, especially for those relying on Wattsense Bridge devices for building automation, energy management, or critical infrastructure control. Exploitation can lead to unauthorized access to sensitive operational data, manipulation or disruption of building systems such as HVAC, lighting, or security controls, and potential denial of service. This could result in operational downtime, safety risks, and financial losses. Additionally, compromised devices could serve as entry points for lateral movement within corporate or industrial networks, increasing the risk of broader cyberattacks. Given the criticality of infrastructure in sectors like healthcare, manufacturing, and public services, the vulnerability poses a substantial threat to European organizations’ operational resilience and data security.

To mitigate this vulnerability, organizations should immediately upgrade all Wattsense Bridge devices to firmware version BSP 6.4.1 or later, where the hard-coded backdoor user has been removed. If upgrading is not immediately possible, physical security controls should be enhanced to restrict access to the serial interface, including locking device enclosures and monitoring access logs. Network segmentation should be implemented to isolate these devices from general IT networks, limiting exposure to potential attackers. Additionally, organizations should conduct regular audits to identify devices running vulnerable firmware versions and replace or update them accordingly. Employing intrusion detection systems that monitor for unusual access patterns on building automation networks can help detect exploitation attempts. Finally, coordinating with Wattsense for any available patches or security advisories and integrating these devices into the broader vulnerability management program is essential.