Description
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.
Published: 2026-02-15
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Administrative Access
Action: Immediate Patch
AI Analysis

Impact

The eNet SMART HOME server releases 2.2.1 and 2.3.1 contain active default user accounts that do not prompt for a password change after installation. Unauthenticated users can log in with the known credentials and gain full administrative control over the device’s configuration and smart home device management functions. This allows an attacker to modify system settings, disconnect or connect smart devices, and potentially intercept or tamper with home network traffic controlled by the server.

Affected Systems

The vulnerability affects Jung Group’s eNet SMART HOME server, specifically versions 2.2.1 and 2.3.1. Only devices running these firmware releases are impacted.

Risk and Exploitability

The CVSS v3 score of 9.3 indicates a high severity flaw; the exploitability is virtually trivial because an attacker only needs to know the default credentials and does not require additional code execution. The EPSS score of less than 1% suggests that, statistically, the probability of exploitation is low at this time, yet the fact that no password change is enforced makes it a high value target for opportunistic attackers. The flaw is not currently catalogued in CISA’s KEV list, but its presence makes it a priority for administrators to remediate.

Generated by OpenCVE AI on April 17, 2026 at 19:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to the latest firmware that removes or disables the default credentials or that requires a mandatory password change upon first use.
  • Immediately change the default “user” and “admin” passwords to strong, unique values and disable the default accounts if the firmware allows.
  • Restrict network access to the eNet SMART HOME server by placing it behind a firewall or in a dedicated, isolated network zone so that only trusted devices can communicate with it.

Generated by OpenCVE AI on April 17, 2026 at 19:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Jung-group
Jung-group enet Smart Home
CPEs cpe:2.3:a:jung-group:enet_smart_home:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:jung-group:enet_smart_home:2.3.1:*:*:*:*:*:*:*
Vendors & Products Jung-group
Jung-group enet Smart Home

Tue, 17 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Jung
Jung enet Smart Home Server
Vendors & Products Jung
Jung enet Smart Home Server

Sun, 15 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
Description eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.
Title JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials
Weaknesses CWE-1392
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Jung Enet Smart Home Server
Jung-group Enet Smart Home
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-02-17T16:51:25.025Z

Reserved: 2026-02-15T15:02:02.824Z

Link: CVE-2026-26366

cve-icon Vulnrichment

Updated: 2026-02-17T15:19:00.223Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-15T16:15:53.870

Modified: 2026-02-26T22:44:42.813

Link: CVE-2026-26366

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T19:30:15Z

Weaknesses