CVE-2026-26366

Critical CVSS: 9.3

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.

Vendor

Jung-group

Product

Enet Smart Home

CWE

CWE-1392

Yayın Tarihi

2026-02-15 16:15:53

Güncelleme

2026-02-26 22:44:42

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-1392 Enet Smart Home CRITICAL Jung-group 2026

Referanslar

https://www.vulncheck.com/advisories/jung-enet-smart-home-server-use-of-default-credent https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5972.php

Benzer Kayıtlar

High

CVE-2026-26367

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC…

High

CVE-2026-26368

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC…

Critical

CVE-2026-26369

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization c…

High

CVE-2026-26234

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attacke…

High

CVE-2026-26235

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remo…