CVE-2026-26369
CRITICAL 9.8
Description
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 2/15/2026
Last modified: 2/28/2026
Source: nvd
Honeypot sightings: 0
Affected products
jung-group:enet_smart_home
Weaknesses (CWE)
CWE-269
References
https://www.vulncheck.com/advisories/jung-enet-smart-home-server-privilege-escalation-v (disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.