CVE-2025-28371 — MEDIUM (6.5)

Vulnerability Description

EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Engeniustech	Enh500 Firmware	3.7.22
Engeniustech	Enh500	3.0

Related Weaknesses (CWE)

CWE-284

References

https://drive.google.com/file/d/1kQFOyFQYycKynIBjbU8bMx2gYTG3Bxi2/view?usp=shariExploit
https://pastebin.com/raw/EnL1XT2nThird Party Advisory
https://pastebin.com/raw/hziq1nGHThird Party Advisory

FAQ

What is CVE-2025-28371?

CVE-2025-28371 is a vulnerability with a CVSS score of 6.5 (MEDIUM). EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a pa...

How severe is CVE-2025-28371?

CVE-2025-28371 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-28371?

Check the references section above for vendor advisories and patch information. Affected products include: Engeniustech Enh500 Firmware, Engeniustech Enh500.