VYPR

SMART HOME server

by Enet

CVEs (4)

  • CVE-2026-26369Feb 15, 2026
    risk 0.00cvss epss 0.01

    eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/management specifying their own username…

  • CVE-2026-26368Feb 15, 2026
    risk 0.00cvss epss 0.01

    eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user (UG_USER) to reset the password of arbitrary accounts, including those in the UG_ADMIN and…

  • CVE-2026-26367Feb 15, 2026
    risk 0.00cvss epss 0.00

    eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application…

  • CVE-2026-26366Feb 15, 2026
    risk 0.00cvss epss 0.01

    eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain…