Engenius · Engenius Enh500 Ap 2T2R · CVE-2025-28371
Name of the Vulnerable Software and Affected Versions:
EnGenius ENH500 AP 2T2R version 3.0 FW3.7.22
Description:
The issue concerns Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.
Recommendations:
For EnGenius ENH500 AP 2T2R version 3.0 FW3.7.22, consider disabling the password change function until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of unauthorized password changes.