CVE-2025-26793 PoC — Hirsch Enterphone MESH 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-26793.yaml

Associated Vulnerability

Title:Hirsch Enterphone MESH 安全漏洞 (CVE-2025-26793)
Description:Hirsch Enterphone MESH是Hirsch公司的一款基于MESH网络技术的智能门禁和通信系统。 Hirsch Enterphone MESH 2024及之前版本存在安全漏洞，该漏洞源于默认凭据未强制修改。

Description

The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE- the Supplier's perspective is that the "vulnerable systems are not following manufacturers' recommendations to change the default password."

File Snapshot


 id: CVE-2025-26793

info:
  name: FREEDOM Administration - Default Login
  author: Eric Daigle,Dhiya

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!