eNet Smart Home Server Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in eNet SMART HOME server versions 2.2.1 and 2.3.1. The issue arises from inadequate authorization checks in the JSON-RPC 'setUserGroup' method, which allow low-privileged users to send crafted POST requests that elevate their user rights to administrative level. Because the access controls are bypassed, unauthorized users can modify device settings, network configurations, and other functions within the smart home system.
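The control that is missing here is a server-side authorization check at the point where the JSON-RPC method is dispatched. The sketch below is an added example, not code from the eNet server or from this advisory: `enforce=False` models a dispatcher without the check, and the default enforces a per-method group allow-list using the caller's group from server-side state. Everything except the method name `setUserGroup` (user and group names, parameter names, session tokens, `getUserGroup`, and the error codes -32001/-32002) is an assumption made for illustration.

```python
import json

# Constructed in-memory state; user names, group names and parameter names are
# assumptions for illustration, not the eNet server's real schema.
USERS = {"alice": "admin", "bob": "user"}
SESSIONS = {"tok-admin": "alice", "tok-user": "bob"}

def set_user_group(params):
    USERS[params["userName"]] = params["userGroup"]
    return {"ok": True}

def get_user_group(params):
    return {"userGroup": USERS[params["userName"]]}

# Method table: each handler is registered together with the groups allowed
# to call it, so a method cannot be exposed without an authorization decision.
METHODS = {
    "setUserGroup": (set_user_group, {"admin"}),
    "getUserGroup": (get_user_group, {"admin", "user"}),
}

def error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id,
            "error": {"code": code, "message": message}}

def dispatch(body, session_token, enforce=True):
    """Handle one JSON-RPC 2.0 request; enforce=False models the missing check."""
    req = json.loads(body)
    req_id = req.get("id")
    caller = SESSIONS.get(session_token)
    if caller is None:
        return error(req_id, -32001, "not authenticated")  # constructed code
    entry = METHODS.get(req.get("method"))
    if entry is None:
        return error(req_id, -32601, "Method not found")   # JSON-RPC 2.0 code
    handler, allowed_groups = entry
    # The caller's group is read from server-side state, never from the request.
    if enforce and USERS[caller] not in allowed_groups:
        return error(req_id, -32002, "forbidden")          # constructed code
    return {"jsonrpc": "2.0", "id": req_id,
            "result": handler(req.get("params", {}))}

def make_request(method, params, req_id=1):
    return json.dumps({"jsonrpc": "2.0", "method": method,
                       "params": params, "id": req_id})
```

With enforcement on, a `setUserGroup` call from the low-privileged session returns the "forbidden" error and the stored group is unchanged; logging those rejections gives a direct signal for attempted escalation.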
Impact
Exploitation of this vulnerability allows low-privileged users to gain administrative rights, enabling them to alter device configurations, network settings, and other critical functions within the smart home ecosystem.
