CVE-2025-28371

Published: May 19, 2025Modified: Jun 12, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Exploitability: 3.9 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.

Affected (1)

Products: Engeniustech: Enh500 Firmware

1 product

Enh500 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Engeniustech Enh500 Firmware	Version 3.7.22

Running on/with	Platform Versions
Engeniustech Enh500	Version 3.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

https://drive.google.com/file/d/1kQFOyFQYycKynIBjbU8bMx2gYTG3Bxi2/view?usp=sharing

Source: cve@mitre.org

Exploit

https://pastebin.com/raw/EnL1XT2n

Source: cve@mitre.org

Third Party Advisory

https://pastebin.com/raw/hziq1nGH

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.