Description
JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.
Published: 2026-02-12
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Unauthenticated Server Reboot (Denial of Service)
Action: Patch Immediately
AI Analysis

Impact

The vulnerability in Smart Visu Server 1.1.1050 allows an attacker to trigger a server reboot or shutdown by sending a single HTTP POST request without any authentication. Because the server does not verify the caller’s identity, an unauthenticated actor can permanently interrupt service, causing availability loss and potential operational disruption. This is a classic denial‑of‑service scenario rooted in missing authentication (CWE‑306).

Affected Systems

The affected product is the JUNG Smart Visu Server from Albrecht Jung GmbH & Co. KG. The vulnerability applies to firmware version 1.1.1050 of the Smart Visu Server, as indicated by the CPE strings and vendor product record.

Risk and Exploitability

The CVSS score of 8.7 reflects a high severity denial‑of‑service condition, but the EPSS score of less than 1 % indicates a very low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog, and the attack vector is likely remote over the network via HTTP, with no authentication prerequisite. While the odds of exploitation are modest, the impact is significant as any login‑free admin access can bring the system down.

Generated by OpenCVE AI on April 16, 2026 at 17:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or firmware update that addresses the missing authentication check for Smart Visu Server 1.1.1050
  • If an immediate patch is unavailable, restrict the Smart Visu Server’s administrative API to trusted IP ranges or isolate it behind a firewall that blocks unauthorized HTTP access
  • Implement monitoring for reboot or shutdown commands and alert on unexpected restarts to detect and respond to potential exploitation attempts

Generated by OpenCVE AI on April 16, 2026 at 17:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:jung-group:smart_visu_server_firmware:1.1.1050:*:*:*:*:*:*:*

Fri, 20 Feb 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Jung-group
Jung-group smart Visu Server
Jung-group smart Visu Server Firmware
CPEs cpe:2.3:h:jung-group:smart_visu_server:-:*:*:*:*:*:*:*
cpe:2.3:o:jung-group:smart_visu_server_firmware:*:*:*:*:*:*:*:*
Vendors & Products Jung-group
Jung-group smart Visu Server
Jung-group smart Visu Server Firmware

Thu, 12 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Albrecht Jung
Albrecht Jung jung Smart Visu Server
Vendors & Products Albrecht Jung
Albrecht Jung jung Smart Visu Server

Thu, 12 Feb 2026 03:30:00 +0000

Type Values Removed Values Added
Description JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.
Title JUNG Smart Visu Server 1.1.1050 - 'JUNG Smart Visu Server' Missing Authentication
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Albrecht Jung Jung Smart Visu Server
Jung-group Smart Visu Server Smart Visu Server Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-05T01:31:04.201Z

Reserved: 2026-02-12T01:24:09.127Z

Link: CVE-2026-26235

cve-icon Vulnrichment

Updated: 2026-02-12T15:14:46.409Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-12T04:15:47.770

Modified: 2026-02-20T19:52:03.777

Link: CVE-2026-26235

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T17:15:17Z

Weaknesses