CVE-2026-26366

Summary

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.

Affected Software

VendorProductVersion RangeStatus
JUNGeNet SMART HOME server2.3.1 (46841)affected
JUNGeNet SMART HOME server2.2.1 (46056)affected

Weaknesses

  • CWE-1392: Use of Default Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References