cve-2025-26793
Vulnerability from cvelistv5
Published
2025-02-15 00:00
Modified
2025-02-24 16:39
Severity ?
10.0 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:P/MSI:S
Summary
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE: the Supplier's perspective is that the "vulnerable systems are not following manufacturers' recommendations to change the default password."
References
cve@mitre.orghttps://news.ycombinator.com/item?id=43160884
cve@mitre.orghttps://support.identiv.com/products/physical-access/hirsch/
cve@mitre.orghttps://www.ericdaigle.ca/posts/breaking-into-dozens-of-apartments-in-five-minutes/
Impacted products
Vendor Product Version
Hirsch Enterphone MESH Version: 0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26793",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T14:16:04.184219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T14:16:09.209Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Enterphone MESH",
          "vendor": "Hirsch",
          "versions": [
            {
              "lessThanOrEqual": "2024",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents\u0027 PII. NOTE: the Supplier\u0027s perspective is that the \"vulnerable systems are not following manufacturers\u0027 recommendations to change the default password.\""
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/MSI:S/S:P",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1393",
              "description": "CWE-1393 Use of Default Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-24T16:39:41.829Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support.identiv.com/products/physical-access/hirsch/"
        },
        {
          "url": "https://www.ericdaigle.ca/posts/breaking-into-dozens-of-apartments-in-five-minutes/"
        },
        {
          "url": "https://news.ycombinator.com/item?id=43160884"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-26793",
    "datePublished": "2025-02-15T00:00:00.000Z",
    "dateReserved": "2025-02-14T00:00:00.000Z",
    "dateUpdated": "2025-02-24T16:39:41.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-26793\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-02-15T15:15:23.587\",\"lastModified\":\"2025-02-24T17:15:14.580\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents\u0027 PII. NOTE: the Supplier\u0027s perspective is that the \\\"vulnerable systems are not following manufacturers\u0027 recommendations to change the default password.\\\"\"},{\"lang\":\"es\",\"value\":\"El panel de configuraci\u00f3n de la interfaz gr\u00e1fica de usuario web de Hirsch (anteriormente Identiv y Viscount) Enterphone MESH hasta 2024 se entrega con credenciales predeterminadas (nombre de usuario freedom, contrase\u00f1a viscond). No se le solicita al administrador que cambie estas credenciales en la configuraci\u00f3n inicial, y cambiar las credenciales requiere muchos pasos. Los atacantes pueden usar las credenciales a trav\u00e9s de Internet mediante mesh.webadmin.MESHAdminServlet para obtener acceso a docenas de edificios de apartamentos canadienses y estadounidenses y obtener informaci\u00f3n de identificaci\u00f3n personal de los residentes del edificio. NOTA: la perspectiva del proveedor es que los \\\"sistemas vulnerables no siguen las recomendaciones de los fabricantes para cambiar la contrase\u00f1a predeterminada\\\".\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:S/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"NONE\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"SAFETY\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"PRESENT\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1393\"}]}],\"references\":[{\"url\":\"https://news.ycombinator.com/item?id=43160884\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.identiv.com/products/physical-access/hirsch/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.ericdaigle.ca/posts/breaking-into-dozens-of-apartments-in-five-minutes/\",\"source\":\"cve@mitre.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-26793\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-19T14:16:04.184219Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-18T17:00:37.941Z\"}}], \"cna\": {\"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 10, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/MSI:S/S:P\"}}], \"affected\": [{\"vendor\": \"Hirsch\", \"product\": \"Enterphone MESH\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2024\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://support.identiv.com/products/physical-access/hirsch/\"}, {\"url\": \"https://www.ericdaigle.ca/posts/breaking-into-dozens-of-apartments-in-five-minutes/\"}, {\"url\": \"https://news.ycombinator.com/item?id=43160884\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents\u0027 PII. NOTE: the Supplier\u0027s perspective is that the \\\"vulnerable systems are not following manufacturers\u0027 recommendations to change the default password.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1393\", \"description\": \"CWE-1393 Use of Default Password\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-02-24T16:39:41.829Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-26793\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-24T16:39:41.829Z\", \"dateReserved\": \"2025-02-14T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-02-15T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.