CVE-2026-26369
CRITICAL 9.8
Description
eNet SMART HOME server 2.2.1 and 2.3.1 contain a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/15/2026
Last modified: 2/28/2026
Source: nvd
Honeypot sightings: 0
Affected products
jung-group:enet_smart_home
Weaknesses (CWE)
CWE-269
References
https://www.vulncheck.com/advisories/jung-enet-smart-home-server-privilege-escalation-v (disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.