Vulnerability Details CVE-2026-26366
eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.7%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2026-26366
-
cpe:2.3:a:jung-group:enet_smart_home:2.2.1
-
cpe:2.3:a:jung-group:enet_smart_home:2.3.1