CVE-2026-26369

Critical CVSS: 9.3

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.

Vendor

Jung-group

Product

Enet Smart Home

CWE

CWE-269

Yayın Tarihi

2026-02-15 16:15:54

Güncelleme

2026-02-28 01:34:28

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-269 Enet Smart Home CRITICAL Jung-group 2026

Referanslar

https://www.vulncheck.com/advisories/jung-enet-smart-home-server-privilege-escalation-v https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php

Benzer Kayıtlar

High

CVE-2026-26367

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC…

High

CVE-2026-26368

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC…

Critical

CVE-2026-26366

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after…

High

CVE-2026-26234

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attacke…

High

CVE-2026-26235

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remo…