EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Jun 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Engeniustech
Engeniustech enh500 Engeniustech enh500 Firmware |
|
CPEs | cpe:2.3:h:engeniustech:enh500:3.0:*:*:*:*:*:*:* cpe:2.3:o:engeniustech:enh500_firmware:3.7.22:*:*:*:*:*:*:* |
|
Vendors & Products |
Engeniustech
Engeniustech enh500 Engeniustech enh500 Firmware |
Mon, 19 May 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 19 May 2025 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-284 | |
Metrics |
cvssV3_1
|
Mon, 19 May 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-05-19T00:00:00.000Z
Updated: 2025-05-19T16:00:16.838Z
Reserved: 2025-03-11T00:00:00.000Z
Link: CVE-2025-28371

Updated: 2025-05-19T16:00:09.279Z

Status : Analyzed
Published: 2025-05-19T14:15:23.547
Modified: 2025-06-12T16:26:26.253
Link: CVE-2025-28371

No data.