JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.

AI Analysis

Privilege escalation vulnerability in eNet SMART HOME server due to insufficient authorization checks in the setUserGroup JSON-RPC method

Basic Information

ID CVE-2026-26369

Source VulnCheck

Published Feb 15, 2026 at 15:29

Affected Product

Vendor JUNG

Product eNet SMART HOME server

Version 2.3.1 (46841)

Affected Versions JUNG eNet SMART HOME server 2.3.1 (46841)
JUNG eNet SMART HOME server 2.2.1 (46056)

CWE Classification

CWE-269

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor JUNG

Product eNet SMART HOME server

Version 2.2.1, 2.3.1

References

{
    "lastseen": "",
    "description": "eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.",
    "published": "2026-02-15T15:29:56.204Z",
    "modified": "2026-02-15T15:29:56.204Z",
    "type": "cve",
    "title": "JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup",
    "source": "VulnCheck",
    "references": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5975.php\nhttps://www.vulncheck.com/advisories/jung-enet-smart-home-server-privilege-escalation-v",
    "id": "CVE-2026-26369",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "JUNG eNet SMART HOME server 2.3.1 (46841)\nJUNG eNet SMART HOME server 2.2.1 (46056)",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "eNet SMART HOME server",
    "version": "2.3.1 (46841)",
    "vendor": "JUNG",
    "ai_description": "Privilege escalation vulnerability in eNet SMART HOME server due to insufficient authorization checks in the setUserGroup JSON-RPC method",
    "ai_severity": "Critical",
    "ai_vendor": "JUNG",
    "ai_product": "eNet SMART HOME server",
    "ai_version": "2.2.1, 2.3.1",
    "ai_score": 9.3
}

JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup_CVE-2026-26369