cvedb.io
CVE-2025-28371
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-05-19T14:15:23.547 · Last modified 2026-06-17T09:04:42.770

Summary

EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password.

Affected products

engeniustech — enh500_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when engeniustech ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.