AI description
The web-based configuration panel for Hirsch Enterphone MESH (formerly Identiv and Viscount) versions through 2024 has a vulnerability due to default credentials. The username "freedom" with the password "viscount" can be used to access the administrative interface via `mesh.webadmin.MESHAdminServlet`. The system doesn't prompt administrators to change these credentials upon initial setup, and the process to change them is complex. This vulnerability potentially allows unauthorized access to building management systems. This vulnerability has been identified as CVE-2025-26793 and assigned the GitHub ID GHSA-x8v9-7r66-c92w. It affects numerous apartment buildings in Canada and the US. Exploiting this vulnerability could lead to unauthorized access and potential exposure of residents' personally identifiable information (PII). It's important to note that this information is current as of February 16, 2025, and the situation may evolve.
- Description
- The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE: the Supplier's perspective is that the "vulnerable systems are not following manufacturers' recommendations to change the default password."
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:S/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- cve@mitre.org
- CWE-1393
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2025-26793
@transilienceai
10 Mar 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
9 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
8 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
7 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
4 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️⚠️ CVE-2025-26793 (CVSS 10): Critical Security Vulnerability in Hirsch Enterphone MESH 🎯1k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔥Deep Dive: https://t.co/tpVgprIoRI 🔗FOFA Link: https://t.co/zWk2IRcFnJ FOFA Query:app="HIRSCH-Enterphone-MESH"… http
@fofabot
4 Mar 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-26793 (CVSS 10): Critical Security Vulnerability in Hirsch Enterphone MESH 🧐Deep Dive :https://t.co/jaQ6tRQH5L 📊 1.3K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/jTmOV4A2ad 👇Query HUNTER :… https://t.co/Sj6nOIKT0f ht
@HunterMapping
4 Mar 2025
1325 Impressions
5 Retweets
19 Likes
6 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
3 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨🚨CVE-2025-26793 (CVSS: 10) A default password is exposing dozens of apartment buildings to cyber attackers! 😱 Attackers can exploit mesh.webadmin.MESHAdminServlet to access sensitive resident PII, all via the internet. ZoomEye Dork👉title="ENTERPHONE Administration Login"
@zoomeye_team
3 Mar 2025
3973 Impressions
9 Retweets
41 Likes
10 Bookmarks
1 Reply
2 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
2 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
1 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
28 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
28 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
26 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
22 Feb 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-26793
@transilienceai
21 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨Critical Security Vulnerability in Hirsch Enterphone MESH 🆔 CVE: CVE-2025-26793 💣 CVSS Score: 10 📅 Published Date: 25/02/15 ⚠️ Details: The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials… htt
@DarkWebInformer
16 Feb 2025
4787 Impressions
2 Retweets
25 Likes
9 Bookmarks
1 Reply
0 Quotes
CVE-2025-26793 Default Credentials Exposure in Hirsch Enterphone MESH Web GUI Enabling Unauthorized Access https://t.co/W7GiuXh0Ar
@VulmonFeeds
15 Feb 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-26793 The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password visc… https://t.co/6iA3rJvM69
@CVEnew
15 Feb 2025
722 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes