CVE-2026-26369
Privilege Escalation in eNet SMART HOME via setUserGroup RPC
Publication date: 2026-02-15
Last updated on: 2026-02-28
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jung-group | enet_smart_home | 2.2.1 |
| jung-group | enet_smart_home | 2.3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The eNet SMART HOME server versions 2.2.1 and 2.3.1 have a privilege escalation vulnerability caused by insufficient authorization checks in the setUserGroup JSON-RPC method.
A low-privileged user (UG_USER) can exploit this by sending a specially crafted POST request to the /jsonrpc/management endpoint, specifying their own username to elevate their account to the UG_ADMIN group.
This bypasses the intended access controls and grants the attacker administrative capabilities, such as modifying device configurations, network settings, and other smart home system functions.
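The missing check, modelled in Python as an added example (this is not the vendor's code; the eNet server's real handler is not shown on this page): a hypothetical setUserGroup handler that only verifies the caller is logged in, beside a hardened one that decides on the caller's current group before touching any state. The method name, endpoint and the UG_USER/UG_ADMIN group names come from the advisory; the "username" and "group" parameter names and the in-memory user table are assumptions made for illustration.

```python
"""Model of the setUserGroup authorization flaw (CWE-269) and its fix.

Added example, not the vendor's code: the eNet server's real handler, its
parameter names and its user store are not shown on this page. The method
name setUserGroup, the endpoint /jsonrpc/management and the groups UG_USER
and UG_ADMIN come from the advisory; the "username"/"group" parameter names
and the in-memory user table are assumptions made for illustration.
"""
import json

UG_USER = "UG_USER"
UG_ADMIN = "UG_ADMIN"
KNOWN_GROUPS = {UG_USER, UG_ADMIN}

# Constructed sample user store: username -> group.
USERS = {"admin": UG_ADMIN, "alice": UG_USER}


class RpcError(Exception):
    """Raised for malformed or rejected JSON-RPC calls."""


def parse_rpc(body: str) -> dict:
    """Parse a JSON-RPC 2.0 request body and check its basic shape."""
    req = json.loads(body)
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0":
        raise RpcError("not a JSON-RPC 2.0 request")
    if not isinstance(req.get("method"), str) or not isinstance(req.get("params"), dict):
        raise RpcError("missing method or params")
    return req


def _target_and_group(req: dict, users: dict) -> tuple:
    """Pull the (assumed) username/group parameters and check the user exists."""
    target = req["params"].get("username")
    group = req["params"].get("group")
    if target not in users:
        raise RpcError("unknown user")
    return target, group


def set_user_group_vulnerable(caller: str, req: dict, users: dict) -> dict:
    """Flawed handler (the pattern the advisory describes).

    It verifies that the caller is authenticated and that the target user
    exists, but never asks whether the caller is allowed to change groups.
    A UG_USER caller can therefore name itself and be moved into UG_ADMIN.
    """
    if caller not in users:
        raise RpcError("not authenticated")
    target, group = _target_and_group(req, users)
    users[target] = group  # no privilege check, no group validation
    return {"jsonrpc": "2.0", "id": req.get("id"), "result": {target: group}}


def set_user_group_fixed(caller: str, req: dict, users: dict) -> dict:
    """Hardened handler: authorization is decided on the caller's current
    group, server-side, before any state changes; the requested group is
    also validated so an arbitrary string cannot be stored.
    """
    if caller not in users:
        raise RpcError("not authenticated")
    if users[caller] != UG_ADMIN:
        raise RpcError("forbidden: setUserGroup requires UG_ADMIN")
    target, group = _target_and_group(req, users)
    if group not in KNOWN_GROUPS:
        raise RpcError("unknown group")
    users[target] = group
    return {"jsonrpc": "2.0", "id": req.get("id"), "result": {target: group}}


def demo() -> tuple:
    """Replay the advisory's scenario (alice, a UG_USER, targets herself)
    against both handlers. Returns alice's resulting group under the
    vulnerable handler, her group under the fixed handler, and the error
    the fixed handler raised."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "setUserGroup",
                       "params": {"username": "alice", "group": UG_ADMIN}})
    req = parse_rpc(body)

    vuln_users = dict(USERS)
    set_user_group_vulnerable("alice", req, vuln_users)

    fixed_users = dict(USERS)
    try:
        set_user_group_fixed("alice", req, fixed_users)
        error = None
    except RpcError as exc:
        error = str(exc)
    return vuln_users["alice"], fixed_users["alice"], error


if __name__ == "__main__":
    print(demo())  # ('UG_ADMIN', 'UG_USER', 'forbidden: setUserGroup requires UG_ADMIN')
```

The point of the fixed version is where the decision is taken: on the caller's group as the server records it, not on anything the client sends, and before the write. Whether the target may name the caller at all is a separate policy question (an administrator demoting their own account is sometimes deliberately refused), not shown here.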
How can this vulnerability impact me?
Exploiting this vulnerability allows an attacker with low privileges to gain full administrative rights on the eNet SMART HOME server.
- Modify device configurations
- Alter network settings
- Potentially compromise the entire smart home ecosystem managed by the server
This can lead to unauthorized control over smart home devices and settings, posing significant security and privacy risks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for POST requests to the /jsonrpc/management endpoint that invoke the setUserGroup JSON-RPC method with parameters assigning a user to the UG_ADMIN group, in particular where the user being changed is the same account that sent the request.
One caveat shapes the approach: the method name and its parameters travel in the POST body. A standard web-server access log records the request line, status and size, not the body, so it will not contain "setUserGroup" or "UG_ADMIN". Log-based detection therefore needs a proxy or application log that records request bodies; otherwise the traffic itself has to be inspected.
- Use tcpdump or Wireshark to capture HTTP POST requests to /jsonrpc/management and look at the JSON-RPC bodies. If the management interface is served over TLS, the body is only visible at a point where the traffic is decrypted.
- Where request bodies are logged, search for the method and group together, e.g. grep 'setUserGroup' /var/log/nginx/access.log | grep 'UG_ADMIN'. This only matches if that log is configured to record request bodies; the default nginx access log format does not, and a match on a single line does not by itself tell you which account sent the request.
- Use curl to send a setUserGroup request from a low-privileged (UG_USER) test account and check whether the server changes that account's group. Do this only in a controlled, authorized environment, and revert the change afterwards.
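Detection logic over captured request bodies, as an added example that is not part of the original page or the vendor's tooling. It parses each JSON-RPC call rather than string-matching, so a batch request (a JSON array of calls) that buries setUserGroup among benign calls is still caught, and it rates an assignment of UG_ADMIN to the requesting account itself, the exact pattern of this CVE, higher than other UG_ADMIN assignments. The log layout (one JSON record per line with the authenticated user, HTTP method, path and raw body, as a body-logging proxy or a pcap-reassembly script could emit) and the "username"/"group" parameter names are assumptions; the sample records are constructed, not real traffic.

```python
"""Detection of setUserGroup privilege-escalation attempts in captured
JSON-RPC request bodies.

Added example, not the vendor's or the page's code. It assumes a log in
which each line is a JSON record holding the authenticated user, the HTTP
method, the request path and the raw request body; that record layout and
the "username"/"group" parameter names are assumptions. The endpoint,
method and group names are from the advisory.
"""
import json

ENDPOINT = "/jsonrpc/management"
TARGET_METHOD = "setUserGroup"
ADMIN_GROUP = "UG_ADMIN"


def _rpc(method: str, params, id_: int) -> dict:
    """Build a JSON-RPC 2.0 call object (used only to construct sample data)."""
    return {"jsonrpc": "2.0", "id": id_, "method": method, "params": params}


# Constructed sample log (not real traffic). Bodies are embedded as strings,
# exactly as a body-logging proxy would store them.
SAMPLE_RECORDS = [
    # Benign read from a low-privileged user.
    {"ts": "2026-02-20T10:01:02Z", "client": "192.0.2.10", "user": "alice",
     "http_method": "POST", "path": ENDPOINT,
     "body": json.dumps(_rpc("getUsers", {}, 7))},
    # The CVE pattern: alice assigns UG_ADMIN to her own account.
    {"ts": "2026-02-20T10:01:09Z", "client": "192.0.2.10", "user": "alice",
     "http_method": "POST", "path": ENDPOINT,
     "body": json.dumps(_rpc(TARGET_METHOD, {"username": "alice", "group": ADMIN_GROUP}, 8))},
    # A JSON-RPC batch hiding the call behind a harmless one; a parser that
    # expects a single object at the top level misses it.
    {"ts": "2026-02-20T10:02:30Z", "client": "192.0.2.11", "user": "carol",
     "http_method": "POST", "path": ENDPOINT,
     "body": json.dumps([_rpc("getUsers", {}, 9),
                         _rpc(TARGET_METHOD, {"username": "bob", "group": ADMIN_GROUP}, 10)])},
    # Legitimate demotion by an administrator: not flagged.
    {"ts": "2026-02-20T10:05:00Z", "client": "192.0.2.5", "user": "admin",
     "http_method": "POST", "path": ENDPOINT,
     "body": json.dumps(_rpc(TARGET_METHOD, {"username": "dave", "group": "UG_USER"}, 11))},
    # Junk body and an unrelated request: both skipped without errors.
    {"ts": "2026-02-20T10:06:00Z", "client": "192.0.2.12", "user": None,
     "http_method": "POST", "path": ENDPOINT, "body": "<html>not json</html>"},
    {"ts": "2026-02-20T10:06:01Z", "client": "192.0.2.12", "user": None,
     "http_method": "GET", "path": "/index.html", "body": ""},
]
SAMPLE_LOG = "\n".join(json.dumps(r) for r in SAMPLE_RECORDS)


def iter_rpc_calls(body: str):
    """Yield every JSON-RPC call object in a body; a batch is a JSON array."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return
    for call in data if isinstance(data, list) else [data]:
        if isinstance(call, dict) and isinstance(call.get("method"), str):
            yield call


def classify(record: dict) -> list:
    """Return findings for one log record; empty if nothing suspicious."""
    findings = []
    if record.get("http_method") != "POST" or record.get("path") != ENDPOINT:
        return findings
    for call in iter_rpc_calls(record.get("body", "")):
        if call["method"].lower() != TARGET_METHOD.lower():
            continue
        params = call.get("params")
        # Named params are the expected form; positional params can still be
        # scanned for the group value even if the target cannot be named.
        if isinstance(params, dict):
            target, values = params.get("username"), params.values()
        elif isinstance(params, list):
            target, values = None, params
        else:
            continue
        if ADMIN_GROUP not in values:
            continue
        self_elevation = target is not None and target == record.get("user")
        findings.append({
            "ts": record.get("ts"), "client": record.get("client"),
            "user": record.get("user"), "target": target,
            "rpc_id": call.get("id"),
            # Assigning UG_ADMIN to the calling account is exactly the CVE;
            # any other UG_ADMIN assignment deserves review of who sent it.
            "severity": "high" if self_elevation else "medium",
        })
    return findings


def scan(log_text: str) -> list:
    """Scan a JSON-lines log and return all findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except ValueError:
            continue  # malformed line; skip rather than abort the scan
        if isinstance(record, dict):
            findings.extend(classify(record))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log this reports two findings: alice's self-elevation (high) and carol's batch request that promotes bob (medium); the administrator's demotion, the junk body and the unrelated GET produce nothing. Because the log does not carry each account's current group, the "medium" case still has to be checked by hand against who is actually an administrator.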
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps:
- Restrict network access to the /jsonrpc/management endpoint, and to the server's management interface in general, to trusted hosts, for example by placing the server on a dedicated management network or behind firewall rules. The missing authorization check is inside the vendor's RPC handler, so it cannot be added by the operator; until the server is updated, treat every UG_USER account as able to become UG_ADMIN and keep the number of such accounts to a minimum.
- If the server offers a way to disable or restrict the setUserGroup JSON-RPC method, do so until a fix is applied.
- Monitor for, and where possible block, POST requests that change user groups, especially those assigning UG_ADMIN.
- Audit existing accounts for unexpected UG_ADMIN membership, since a successful exploit leaves the attacker's account in that group.
- Contact the vendor for a fix addressing this vulnerability and apply it as soon as it becomes available.