Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26366 | 2 Jung, Jung-group | 2 Enet Smart Home Server, Enet Smart Home | 2026-02-26 | 9.8 Critical |
| eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions. | ||||
| CVE-2026-26367 | 2 Jung, Jung-group | 2 Enet Smart Home Server, Enet Smart Home | 2026-02-26 | 6.5 Medium |
| eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce role-based access control on this function, allowing a standard user to submit a crafted POST request to /jsonrpc/management specifying another username to have that account removed without elevated permissions or additional confirmation. | ||||
| CVE-2026-26235 | 2 Albrecht Jung, Jung-group | 3 Jung Smart Visu Server, Smart Visu Server, Smart Visu Server Firmware | 2026-02-20 | 7.5 High |
| JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication. | ||||
| CVE-2026-26234 | 2 Albrecht Jung, Jung-group | 3 Jung Smart Visu Server, Smart Visu Server, Smart Visu Server Firmware | 2026-02-20 | 8.8 High |
| JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains. | ||||
| CVE-2017-20082 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2025-04-15 | 5.5 Medium |
| A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2017-20083 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2025-04-15 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2017-20084 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2025-04-15 | 5.3 Medium |
| A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | ||||
Page 1 of 1.