Lucene search
K

4 matches found

NVD
NVD
added 2026/02/15 4:15 p.m.7 views

CVE-2026-26368

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user UGUSER to reset the password of arbitrary accounts, including those in the UGADMIN and UGSUPERADMIN groups, without...

8.8CVSS0.00529EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/02/15 3:29 p.m.26 views

CVE-2026-26369 JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user UGUSER can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their...

9.8CVSS0.00637EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/02/15 3:29 p.m.4 views

CVE-2026-26367 JUNG eNet SMART HOME server 2.2.1/2.3.1 Arbitrary User Deletion via deleteUserAccount

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce...

8.1CVSS5.8AI score0.00373EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/02/15 12:0 a.m.14 views

PT-2026-8252

Name of the Vulnerable Software and Affected Versions eNet SMART HOME server versions 2.2.1 and 2.3.1 Description The software contains a missing authorization flaw in the resetUserPassword JSON-RPC method. An authenticated, low-privileged user UG USER can reset the passwords of any account,...

8.8CVSS5.5AI score0.00529EPSS
Exploits2References12
Rows per page
Query Builder