PT-2026-8250 · Unknown · Enet Smart Home Server

Gjoko Krstic

Publicado

2026-02-15

Atualizado

2026-02-20

CVE-2026-26366

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions eNet SMART HOME server versions 2.2.1 and 2.3.1

Description The eNet SMART HOME server is affected by a default credentials issue. The server ships with default credentials ('user:user', 'admin:admin') that remain active after installation and commissioning without requiring a password change. This allows unauthenticated attackers to gain administrative access to sensitive smart home configuration and control functions.

Recommendations Change the default credentials for both the 'user' and 'admin' accounts immediately after installation and commissioning.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1392

Identificadores relacionados

CVE-2026-26366

Produtos afetados

Enet Smart Home Server

PT-2026-8250 · Unknown · Enet Smart Home Server

CVE-2026-26366

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12