CVE-2026-26366

JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials

CVSS 9.3 CRITICALEPSS 0.7%CWE-1392

In short

JUNG eNet SMART HOME server comes with pre-set default usernames and passwords (user:user, admin:admin) that are never disabled, allowing anyone to log in and control your smart home system without permission.

Technical detail

The JUNG eNet SMART HOME server versions 2.2.1 and 2.3.1 ship with hardcoded default credentials that are not enforced to change during installation. An unauthenticated attacker can use these credentials to gain administrative access to smart home configuration and control functions. The vulnerability requires network access to the server interface but no prior authentication or user interaction.

Summary generated and translated by AI from the official description.

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

JUNG · eNet SMART HOME server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.vulncheck.com/advisories/jung-enet-smart-home-server-use-of-default-credent https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5972.php