📄 eNet SMART HOME Server 2.3.1 Default Credentials_PACKETSTORM:215699

Description

The eNet Smart Home system ships with default credentials that remain active after installation and commissioning without enforcing a mandatory password change. Version 2.3.1 is affected...

Visit Original Source

Basic Information

ID PACKETSTORM:215699

Published Feb 16, 2026 at 00:00

Affected Product

Affected Versions eNet SMART HOME server 2.3.1 Use of Default Credentials

Vendor: Gira Giersiepen GmbH & Co. KG | ALBRECHT JUNG GmbH & Co. KG | Insta GmbH
Product web page: https://www.enet-smarthome.com
Affected version: 2.3.1 (46841)
2.2.1 (46056)

Summary: Two German specialists in building systems technology are jointly bringing
a new, wireless-based smart home system to the market. Gira and JUNG are the companies
behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing
the system. All three of us are old hands when it comes to building automation, and
have a history of connecting buildings in an intelligent way that goes back as far as
the 80s. Gira, JUNG and INSTA were part of the group of companies that initiated and
founded EIBA (now known as KNX). KNX is the first open global standard for home and
building automation. Through KNX, we have decisively shaped the development of intelligent
building systems technology – and this wealth of experience has now come together in
eNet SMART HOME. The eNet server is the heart of every eNet SMART HOME system and
offers end customers the basis for an easy-to-use and secure Smart Home and installation
engineers easily understandable and professional commissioning of the system.

Desc: The eNet Smart Home system ships with default credentials that remain active
after installation and commissioning without enforcing a mandatory password change.

Tested on: GNU/Linux 4.4.15 (ARMv7 revision 5)
Jetty(9.2.z-SNAPSHOT)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience

Advisory ID: ZSL-2026-5972
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5972.php

07.02.2026

--

user:user
admin:admin

{
    "lastseen": "2026-02-16T17:43:28",
    "description": "The eNet Smart Home system ships with default credentials that remain active after installation and commissioning without enforcing a mandatory password change. Version 2.3.1 is affected...",
    "published": "2026-02-16T00:00:00",
    "modified": "2026-02-16T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Default Credentials",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:215699",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "eNet SMART HOME server 2.3.1 Use of Default Credentials\n    \n    \n    Vendor: Gira Giersiepen GmbH & Co. KG | ALBRECHT JUNG GmbH & Co. KG | Insta GmbH\n    Product web page: https://www.enet-smarthome.com\n    Affected version: 2.3.1 (46841)\n                      2.2.1 (46056)\n    \n    Summary: Two German specialists in building systems technology are jointly bringing\n    a new, wireless-based smart home system to the market. Gira and JUNG are the companies\n    behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing\n    the system. All three of us are old hands when it comes to building automation, and\n    have a history of connecting buildings in an intelligent way that goes back as far as\n    the 80s. Gira, JUNG and INSTA were part of the group of companies that initiated and\n    founded EIBA (now known as KNX). KNX is the first open global standard for home and\n    building automation. Through KNX, we have decisively shaped the development of intelligent\n    building systems technology \u2013 and this wealth of experience has now come together in\n    eNet SMART HOME. The eNet server is the heart of every eNet SMART HOME system and\n    offers end customers the basis for an easy-to-use and secure Smart Home and installation\n    engineers easily understandable and professional commissioning of the system.\n    \n    Desc: The eNet Smart Home system ships with default credentials that remain active\n    after installation and commissioning without enforcing a mandatory password change.\n    \n    Tested on: GNU/Linux 4.4.15 (ARMv7 revision 5)\n               Jetty(9.2.z-SNAPSHOT)\n    \n    \n    Vulnerability discovered by Gjoko 'LiquidWorm' Krstic\n                                @zeroscience\n    \n    \n    Advisory ID: ZSL-2026-5972\n    Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5972.php\n    \n    \n    07.02.2026\n    \n    --\n    \n    \n    user:user\n    admin:admin",
    "sourceHref": "https://packetstorm.news/download/215699",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/215699/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply