CRITICALCVE-2026-26366Published 2026-02-15Modified 2026-02-17CNA VulnCheck

CVE-2026-26366: JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

JUNG / eNet SMART HOME server
2.3.1 (46841) · 2.2.1 (46056)

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

Zero Science Lab Vulnerability Advisory ZSL-2026-5972
VulnCheck Advisory: JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials

Metrics