PT-2025-21941 · Engenius · Engenius Enh500 Ap 2T2R
Omar Fadel · Published 2025-05-19 · Updated 2025-05-19 · CVE-2025-28371
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions:
EnGenius ENH500 AP 2T2R version 3.0 FW3.7.22
Description:
The issue concerns Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.
Recommendations:
For EnGenius ENH500 AP 2T2R version 3.0 FW3.7.22, consider disabling the password change function until a patch is available to prevent exploitation. Restrict access to the device to minimize the risk of unauthorized password changes.
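The flaw class described above, shown beside a handler that verifies the current password before accepting a new one. This is an added example, not EnGenius firmware code; the in-memory AccountStore, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccountStore:
    """Constructed in-memory stand-in for a device's credential storage."""

    def __init__(self):
        self._records = {}  # user -> (salt, derived key)

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[user] = (salt, hash_password(password, salt))

    def verify(self, user: str, password: str) -> bool:
        record = self._records.get(user)
        if record is None:
            # Do equivalent work for unknown users to keep timing uniform.
            hash_password(password, b"\x00" * 16)
            return False
        salt, stored = record
        # Constant-time comparison of the derived keys.
        return hmac.compare_digest(stored, hash_password(password, salt))


def change_password_vulnerable(store, user, current, new) -> bool:
    # Flaw class from the description: 'current' is accepted but never checked,
    # so any value submitted as the current password results in a change.
    store.set_password(user, new)
    return True


def change_password_checked(store, user, current, new) -> bool:
    # Reject the request unless the supplied current password verifies.
    if not store.verify(user, current):
        return False
    # Refuse empty or unchanged passwords.
    if not new or new == current:
        return False
    store.set_password(user, new)
    return True
```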
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Engenius Enh500 Ap 2T2R