CVE-2026-26369
JUNG eNet SMART HOME server 2.2.1/2.3.1 Privilege Escalation via setUserGroup
In short
A flaw in JUNG eNet SMART HOME server allows regular users to trick the system into giving themselves admin rights by sending a specially crafted request. This lets attackers take complete control of smart home devices and settings.
Technical detail
The setUserGroup JSON-RPC method on the /jsonrpc/management endpoint lacks proper authorization validation, allowing an authenticated UG_USER to escalate privileges to UG_ADMIN by crafting a POST request with their own username. This bypasses access controls and grants full administrative access to device configurations and network settings.
Summary generated and translated by AI from the official description.
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username to elevate their account to the UG_ADMIN group, bypassing intended access controls and gaining administrative capabilities such as modifying device configurations, network settings, and other smart home system functions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
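The authorization check that the description says is missing, shown as a server-side gate in a minimal JSON-RPC dispatcher. This is an added example, not code from the eNet SMART HOME server; the parameter names `userName` and `userGroup`, the `getUserInfo` method, the session dict and the error code -32001 are assumptions.

```python
# Added illustration: a minimal JSON-RPC dispatcher, not the eNet server's code.
# Parameter names ("userName", "userGroup") and the session dict are assumptions.

# Minimum caller group per method; anything not listed is denied by default.
REQUIRED_GROUP = {
    "getUserInfo": "UG_USER",     # hypothetical low-privilege method
    "setUserGroup": "UG_ADMIN",   # changing group membership is admin-only
}
RANK = {"UG_USER": 1, "UG_ADMIN": 2}


def rpc_error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def dispatch(request, session, users):
    """Handle one management call for an already authenticated session.

    session: server-side state, e.g. {"user": "alice"}
    users:   username -> group store (constructed in-memory stand-in)
    """
    req_id = request.get("id")
    method = request.get("method")
    params = request.get("params") or {}

    # Authorization: the caller's group is looked up server-side from the
    # authenticated session, never taken from the request body.
    needed = REQUIRED_GROUP.get(method)
    if needed is None:
        return rpc_error(req_id, -32601, "Method not found")
    caller_group = users.get(session.get("user"))
    if RANK.get(caller_group, 0) < RANK[needed]:
        return rpc_error(req_id, -32001, "Forbidden")  # app-defined code

    if method == "setUserGroup":
        name, group = params.get("userName"), params.get("userGroup")
        if name not in users or group not in RANK:
            return rpc_error(req_id, -32602, "Invalid params")
        users[name] = group
        return {"jsonrpc": "2.0", "id": req_id, "result": True}

    return {"jsonrpc": "2.0", "id": req_id, "result": {"group": caller_group}}
```

Being logged in is not enough to pass the gate: a UG_USER session naming its own account in `setUserGroup` gets "Forbidden" and the stored group is unchanged.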
Affected products
JUNG · eNet SMART HOME server