Advisory

Critical well-known default password flaw reported in Hirsch Enterphone door access system

Take action: If your building uses Hirsch Enterphone, ask building management to change the default password. Also push them to put the management interface behind a VPN instead of exposing it directly to the internet.


Learn More

A security researcher has uncovered a critical vulnerability in the Hirsch Enterphone MESH door access control system, potentially affecting dozens of apartment and office buildings across the United States and Canada. 

The flaw, tracked as CVE-2025-26793 (CVSS score 10.0), allows unauthorized access to building security systems using default credentials that many properties have failed to change. The vulnerability stems from default credentials ("freedom:viscount") that ship with the MESH door access system. 

These credentials are documented in the installation guide, but many building managers never change them. When exploited, this vulnerability provides complete access to the system's web-based administrative interface, allowing attackers to:

  • Override door locks for unauthorized building entry
  • Control elevator access
  • Register new access fobs or disable existing ones
  • Change floor authorizations for existing fobs

Security researcher Eric Daigle discovered that approximately 43% of buildings using this system that have exposed it to the internet within the past year are vulnerable. Out of 659 systems identified on ZoomEye (an internet scanning site), 89 were confirmed vulnerable, with 71 of them located in Canada.

Beyond physical security risks, the vulnerable systems also expose significant personally identifiable information (PII), including:

  • Residents' full names mapped to unit numbers
  • Building addresses
  • Multi-year logs of fob access events (showing when residents enter/exit)
  • Resident phone numbers

Hirsch, which now owns the Enterphone MESH system, has declined to fix the vulnerability, stating it is "by design" and that customers should have followed setup instructions to change the default password. The company does not prompt or require customers to change these credentials during installation.

Despite the critical nature of the flaw, Hirsch has only committed to contacting its customers about following the product's instruction manual, rather than implementing a technical fix or making a public disclosure.
