Description
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the password of arbitrary accounts, including those in the UG_ADMIN and UG_SUPER_ADMIN groups, without supplying the current password or having sufficient privileges. By sending a crafted JSON-RPC request to /jsonrpc/management, an attacker can overwrite existing credentials, resulting in direct account takeover with full administrative access and persistent privilege escalation.
Published: 2026-02-15
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Account Takeover with Administrative Privileges
Action: Patch Immediately
AI Analysis

Impact

The eNet SMART HOME server versions 2.2.1 and 2.3.1 contain a missing authorization flaw in the JSON-RPC method resetUserPassword. An authenticated user with only low-privileged rights (UG_USER) can invoke this method to reset the password of any account, including those in the UG_ADMIN and UG_SUPER_ADMIN groups, without providing the current password or possessing higher privileges. A crafted JSON-RPC request sent to the /jsonrpc/management endpoint therefore allows an attacker to overwrite existing credentials, resulting in direct account takeover with full administrative access and persistent privilege escalation. The weakness is classified as CWE-862, Unauthorized Access to Resource or Permissions.
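To make the missing check concrete, here is an added example that is not the vendor's code: the user directory, group ranks, handler names and the minimal JSON-RPC dispatcher are all constructed for illustration. It places an unchecked resetUserPassword handler beside a hardened one that compares the caller's group with the target's and demands the current password for self-service resets.

```python
import json

# Constructed user directory for this example; not the vendor's data model.
def make_users():
    return {
        "alice": {"group": "UG_USER", "password": "alice-pw"},
        "bob": {"group": "UG_ADMIN", "password": "bob-pw"},
        "root": {"group": "UG_SUPER_ADMIN", "password": "root-pw"},
    }

# Assumed privilege ordering of the three groups named in the advisory.
RANK = {"UG_USER": 0, "UG_ADMIN": 1, "UG_SUPER_ADMIN": 2}


def reset_user_password_unchecked(users, caller, params):
    """Missing-authorization pattern (CWE-862): the caller's group and the
    target's group are never compared, and no current password is demanded."""
    users[params["user"]]["password"] = params["newPassword"]
    return {"ok": True}


def reset_user_password_hardened(users, caller, params):
    """Same operation with the two checks the advisory says are absent."""
    target = params.get("user")
    if target not in users:
        return {"error": "unknown user"}
    caller_group = users[caller]["group"]
    if caller == target:
        # Self-service reset must prove possession of the current credential.
        if params.get("currentPassword") != users[caller]["password"]:
            return {"error": "current password required"}
    elif caller_group != "UG_SUPER_ADMIN" and RANK[caller_group] <= RANK[users[target]["group"]]:
        # UG_USER may reset nobody else; UG_ADMIN only accounts ranked below it.
        return {"error": "forbidden"}
    users[target]["password"] = params["newPassword"]
    return {"ok": True}


def dispatch(users, caller, raw_request, handler):
    """Minimal JSON-RPC 2.0 dispatcher standing in for the management endpoint;
    `caller` is the user of the already-authenticated session."""
    req = json.loads(raw_request)
    if req.get("method") != "resetUserPassword":
        return {"jsonrpc": "2.0", "id": req.get("id"), "error": "method not found"}
    result = handler(users, caller, req.get("params", {}))
    return {"jsonrpc": "2.0", "id": req.get("id"), "result": result}
```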

Affected Systems

The vulnerability affects the JUNG eNet SMART HOME server, specifically versions 2.2.1 and 2.3.1. No other product versions are listed in the CNA data, so only these releases are known to be impacted.

Risk and Exploitability

The CVSS score of 8.7 categorizes the flaw as high severity, while the EPSS score of less than 1% indicates a low predicted probability of exploitation in the wild. However, because the exploit requires only a logged-in low-privileged user and can be performed by sending a single crafted request, the practical effort to escalate privileges is minimal once an attacker holds any authenticated account. The CVE is not listed in the CISA KEV catalog, suggesting no confirmed active exploitation yet, but the potential remains significant because a successful attack yields full administrative control.

Generated by OpenCVE AI on April 17, 2026 at 19:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor-supplied update to the eNet SMART HOME server that fixes the authorization issue in resetUserPassword.
  • Configure firewall or network segmentation rules to restrict access to the /jsonrpc/management endpoint to trusted internal hosts only.
  • Revoke or limit low-privileged (UG_USER) accounts from having permission to use password-reset functionality until the patch is deployed.

Advisories

No advisories yet.

History

Sat, 28 Feb 2026 01:45:00 +0000

  First Time appeared
    Added: Jung-group
    Added: Jung-group enet Smart Home
  CPEs
    Added: cpe:2.3:a:jung-group:enet_smart_home:2.2.1:*:*:*:*:*:*:*
    Added: cpe:2.3:a:jung-group:enet_smart_home:2.3.1:*:*:*:*:*:*:*
  Vendors & Products
    Added: Jung-group
    Added: Jung-group enet Smart Home

Tue, 17 Feb 2026 17:15:00 +0000

  Metrics
    Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
    Added:   ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Feb 2026 16:15:00 +0000

  Metrics
    Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Feb 2026 12:15:00 +0000

  First Time appeared
    Added: Jung
    Added: Jung enet Smart Home Server
  Vendors & Products
    Added: Jung
    Added: Jung enet Smart Home Server

Sun, 15 Feb 2026 15:45:00 +0000

  Description
    Added: eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the password of arbitrary accounts, including those in the UG_ADMIN and UG_SUPER_ADMIN groups, without supplying the current password or having sufficient privileges. By sending a crafted JSON-RPC request to /jsonrpc/management, an attacker can overwrite existing credentials, resulting in direct account takeover with full administrative access and persistent privilege escalation.
  Title
    Added: JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword
  Weaknesses
    Added: CWE-862
  References
    (none listed)
  Metrics
    Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
    Added: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-02-17T16:50:34.868Z
Reserved: 2026-02-15T15:02:31.876Z
Link: CVE-2026-26368

Vulnrichment

Updated: 2026-02-17T14:43:11.090Z

NVD

Status: Analyzed
Published: 2026-02-15T16:15:54.237
Modified: 2026-02-28T01:33:46.257
Link: CVE-2026-26368

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:30:15Z

Weaknesses