Jung Enet Smart Home Server vulnerabilities
4 known vulnerabilities affecting jung/enet_smart_home_server.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2, HIGH: 2
Vulnerabilities
CVE-2026-26366 | P2 | CRITICAL | CVSS 9.8 | CWE-1392 | v2.3.1 (46841), v2.2.1 (46056) | 2026-02-15
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.
Source: NVD
CVE-2026-26368 | P2 | HIGH | CVSS 8.8 | CWE-862 | v2.3.1 (46841), v2.2.1 (46056) | 2026-02-15
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the password of arbitrary accounts, including those in the UG_ADMIN and UG_SUPER_ADMIN groups, without supplying the current password or having sufficient pr
Source: NVD
CVE-2026-26369 | P2 | CRITICAL | CVSS 9.8 | CWE-269 | v2.3.1 (46841), v2.2.1 (46056) | 2026-02-15
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended ac
Source: NVD
CVE-2026-26367 | P3 | HIGH | CVSS 8.1 | CWE-862 | v2.3.1 (46841), v2.2.1 (46056) | 2026-02-15
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce role-based access control on this function, allowing a sta
Source: NVD