eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation
Title: eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation
Advisory ID: ZSL-2026-5975
Type: Local/Remote
Impact: Privilege Escalation, Security Bypass
Risk: (4/5)
Release Date: 14.02.2026
2.2.1 (46056)
Jetty(9.2.z-SNAPSHOT)
[07.02.2026] Vendor contacted.
[13.02.2026] No response from the vendor.
[14.02.2026] Public security advisory released.
Web: https://www.zeroscience.mk
e-mail: [email protected]
Advisory ID: ZSL-2026-5975
Type: Local/Remote
Impact: Privilege Escalation, Security Bypass
Risk: (4/5)
Release Date: 14.02.2026
Summary
Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old hands when it comes to building automation, and have a history of connecting buildings in an intelligent way that goes back as far as the 80s. Gira, JUNG and INSTA were part of the group of companies that initiated and founded EIBA (now known as KNX). KNX is the first open global standard for home and building automation. Through KNX, we have decisively shaped the development of intelligent building systems technology – and this wealth of experience has now come together in eNet SMART HOME. The eNet server is the heart of every eNet SMART HOME system and offers end customers the basis for an easy-to-use and secure Smart Home and installation engineers easily understandable and professional commissioning of the system.Description
The eNet Smart Home system suffers from a privilege escalation vulnerability due to insufficient authorization checks in the JSON-RPC endpoint for user management. A low-privileged user, can exploit the "setUserGroup" method by sending a crafted POST request to /jsonrpc/management, specifying their own username and elevating it to the "UG_ADMIN" group. This bypasses intended access controls, granting the attacker administrative capabilities such as modifying device configurations, network settings, and potentially compromising the entire smart home ecosystem.Vendor
Gira Giersiepen GmbH & Co. KG | ALBRECHT JUNG GmbH & Co. KG | Insta GmbH - https://www.enet-smarthome.comAffected Version
2.3.1 (46841)2.2.1 (46056)
Tested On
GNU/Linux 4.4.15 (ARMv7 revision 5)Jetty(9.2.z-SNAPSHOT)
Vendor Status
[07.02.2026] Vulnerability discovered.[07.02.2026] Vendor contacted.
[13.02.2026] No response from the vendor.
[14.02.2026] Public security advisory released.
PoC
eNetSmartHome.jsCredits
Vulnerability discovered by Gjoko Krstic - <[email protected]>References
N/AChangelog
[14.02.2026] - Initial releaseContact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: [email protected]
