CVE-2025-26793

Published Feb 15, 2025

Last updated a year ago

CVSS critical 10.0

Overview

Description
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE: the Supplier's perspective is that the "vulnerable systems are not following manufacturers' recommendations to change the default password."
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
10
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:S/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-1393

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    10 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    9 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    8 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    7 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    4 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. ⚠️⚠️ CVE-2025-26793 (CVSS 10): Critical Security Vulnerability in Hirsch Enterphone MESH 🎯1k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔥Deep Dive: https://t.co/tpVgprIoRI 🔗FOFA Link: https://t.co/zWk2IRcFnJ FOFA Query:app="HIRSCH-Enterphone-MESH"… http

    @fofabot

    4 Mar 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨Alert🚨 CVE-2025-26793 (CVSS 10): Critical Security Vulnerability in Hirsch Enterphone MESH 🧐Deep Dive :https://t.co/jaQ6tRQH5L 📊 1.3K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/jTmOV4A2ad 👇Query HUNTER :… https://t.co/Sj6nOIKT0f ht

    @HunterMapping

    4 Mar 2025

    1325 Impressions

    5 Retweets

    19 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    3 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. 🚨🚨CVE-2025-26793 (CVSS: 10) A default password is exposing dozens of apartment buildings to cyber attackers! 😱 Attackers can exploit mesh.webadmin.MESHAdminServlet to access sensitive resident PII, all via the internet. ZoomEye Dork👉title="ENTERPHONE Administration Login"

    @zoomeye_team

    3 Mar 2025

    3973 Impressions

    9 Retweets

    41 Likes

    10 Bookmarks

    1 Reply

    2 Quotes

  10. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    2 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    1 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    28 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    28 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    26 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    22 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Actively exploited CVE : CVE-2025-26793

    @transilienceai

    21 Feb 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. 🚨Critical Security Vulnerability in Hirsch Enterphone MESH 🆔 CVE: CVE-2025-26793 💣 CVSS Score: 10 📅 Published Date: 25/02/15 ⚠️ Details: The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials… htt

    @DarkWebInformer

    16 Feb 2025

    4787 Impressions

    2 Retweets

    25 Likes

    9 Bookmarks

    1 Reply

    0 Quotes

  18. CVE-2025-26793 Default Credentials Exposure in Hirsch Enterphone MESH Web GUI Enabling Unauthorized Access https://t.co/W7GiuXh0Ar

    @VulmonFeeds

    15 Feb 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-26793 The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password visc… https://t.co/6iA3rJvM69

    @CVEnew

    15 Feb 2025

    722 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.