CVE-2025-28371

Medium CVSS: 6.5

EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.

Vendor

Engeniustech

Product

Enh500 Firmware

CWE

CWE-284

Yayın Tarihi

2025-05-19 14:15:23

Güncelleme

2025-06-12 16:26:26

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Enh500 Firmware MEDIUM Engeniustech 2025

Referanslar

https://drive.google.com/file/d/1kQFOyFQYycKynIBjbU8bMx2gYTG3Bxi2/view?usp=sharing https://pastebin.com/raw/EnL1XT2n https://pastebin.com/raw/hziq1nGH