CVE-2026-26366
Unknown Unknown - Not Provided
Default Credentials in eNet SMART HOME Server Allow Admin Access

Publication date: 2026-02-15

Last updated on: 2026-02-26

Assigner: VulnCheck

Description
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-15
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-15
EPSS Evaluated
2026-06-14
NVD
CVE-2026-26366
EUVD
EUVD-2026-6144
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
jung-group enet_smart_home 2.2.1
jung-group enet_smart_home 2.3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The eNet SMART HOME server versions 2.2.1 and 2.3.1 have a critical vulnerability because they ship with default credentials (user:user, admin:admin) that remain active after installation without requiring users to change them.

This flaw allows unauthenticated attackers to use these default credentials to gain administrative access to the smart home system.

Attackers can perform actions such as arbitrary user deletions via the deleteUserAccount function, which can lead to system compromise, denial of service, and privilege escalation.

Impact Analysis

If exploited, this vulnerability allows unauthorized attackers to gain full administrative access to the smart home system.

  • Compromise of sensitive smart home configuration and control functions.
  • Potential deletion of user accounts, disrupting system access.
  • Denial of Service (DoS) conditions caused by malicious actions.
  • Privilege escalation, allowing attackers to perform actions beyond their intended permissions.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the eNet SMART HOME server is accessible using the default credentials (user:user, admin:admin). An unauthenticated attacker can log in with these credentials to gain administrative access.'}, {'type': 'paragraph', 'content': "To detect this on your system or network, you can attempt to connect to the server's management interface and try logging in with the default usernames and passwords."}, {'type': 'paragraph', 'content': 'Since the affected system runs on GNU/Linux with Jetty server, you might use tools like curl or wget to test login endpoints or use telnet/ssh if applicable.'}, {'type': 'list_item', 'content': "curl -X POST -d 'username=admin&password=admin' http://<target-ip>/login"}, {'type': 'list_item', 'content': "curl -X POST -d 'username=user&password=user' http://<target-ip>/login"}, {'type': 'list_item', 'content': 'Attempt to access the deleteUserAccount function or other administrative endpoints to verify if unauthorized access is possible.'}] [1]

Mitigation Strategies

Immediate mitigation steps include changing the default credentials (user:user, admin:admin) to strong, unique passwords immediately after installation and commissioning.

If possible, restrict network access to the eNet SMART HOME server to trusted hosts only, using firewall rules or network segmentation.

Monitor the system for any unauthorized access attempts, especially targeting administrative functions like deleteUserAccount.

Since the vendor has not yet responded with a patch, consider disabling remote access to the server until a fix is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26366. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart