CVE-2026-26366

EUVD-2026-6144
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
jung-groupenet_smart_home
2.2.1
jung-groupenet_smart_home
2.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vulncheck.com/advisories/jung-enet-smart-home-server-use-of-default-credent
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5972.php