EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.
History

Thu, 12 Jun 2025 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Engeniustech; Engeniustech enh500; Engeniustech enh500 Firmware |
| CPEs | | `cpe:2.3:h:engeniustech:enh500:3.0:*:*:*:*:*:*:*`; `cpe:2.3:o:engeniustech:enh500_firmware:3.7.22:*:*:*:*:*:*:*` |
| Vendors & Products | | Engeniustech; Engeniustech enh500; Engeniustech enh500 Firmware |

Mon, 19 May 2025 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Mon, 19 May 2025 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-284 |
| Metrics | | cvssV3_1: `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}` |


Mon, 19 May 2025 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password. |
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-05-19T00:00:00.000Z

Updated: 2025-05-19T16:00:16.838Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-28371

Vulnrichment

Updated: 2025-05-19T16:00:09.279Z

NVD

Status: Analyzed

Published: 2025-05-19T14:15:23.547

Modified: 2025-06-12T16:26:26.253

Link: CVE-2025-28371

Redhat

No data.