EnGenius ENH500 AP 2T2R Incorrect Access Control Vulnerability in Password Change Function

Vulnerability

A vulnerability has been identified in the EnGenius ENH500 AP 2T2R access point, specifically in version 3.7.22 of the firmware. The issue arises from incorrect access control in the password change function, where the device does not properly validate the current password. This flaw enables an attacker to send a password change request with an invalid current password, effectively allowing unauthorized password resets and potential takeover of the device.
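The flaw class described above, shown as an added example that is not EnGenius firmware code or part of the original advisory: a password-change handler that accepts but never checks the current password, beside a hardened form and a regression check that tells them apart. The handler names, form field names and status codes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Stores a salted password hash (hypothetical model, not the device's)."""
    def __init__(self, password: str):
        self.set_password(password)

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.digest = _derive(password, self.salt)

    def check(self, candidate: str) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self.digest, _derive(candidate, self.salt))

def change_password_flawed(account: Account, form: dict) -> int:
    # Flaw: current_password is accepted in the request but never verified.
    account.set_password(form["new_password"])
    return 200

def change_password_hardened(account: Account, form: dict) -> int:
    current = form.get("current_password")
    new = form.get("new_password")
    # Fail closed on missing or malformed fields before touching the credential.
    if not isinstance(current, str) or not isinstance(new, str) or not new:
        return 400
    if not account.check(current):
        return 403
    account.set_password(new)
    return 200

def rejects_bad_current_password(handler) -> bool:
    """Regression check: wrong or absent current password must not change state."""
    bad_forms = [  # constructed sample requests
        {"current_password": "not-the-password", "new_password": "constructed-new"},
        {"new_password": "constructed-new"},
    ]
    for form in bad_forms:
        account = Account("constructed-original")
        status = handler(account, form)
        if status == 200 or not account.check("constructed-original"):
            return False
    return True
```

The same regression check can be adapted to a management interface's HTTP endpoint when validating a firmware update that claims to fix this class of issue.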

Impact

Exploitation of this vulnerability could lead to unauthorized password changes, allowing an attacker to gain control over the affected device.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.