Vulnerability Management, Identity

Maximum severity Hirsch Enterphone vulnerability threatens North American buildings

Dozens of apartment buildings in the U.S. and Canada have been exposed to a maximum severity flaw in the popular Hirsch Enterphone MESH door access system, tracked as CVE-2025-26793, TechCrunch reports.

Such a vulnerability, which stems from default-shipped credentials, could be leveraged to infiltrate MESH's web-based back-end system and covertly compromise dozens of buildings' office and residential door locks, common areas, and elevators within minutes, according to cybersecurity researcher Eric Daigle, who discovered and reported the security issue.

No fixes are planned for the flaw, which Hirsch noted was by design and should have prompted users to replace the default password during the setup process. Additional details regarding the bug were also not provided by Hirsch, which opted to inform its customers regarding the importance of adhering to the Enterphone MESH door access system's manual.

Increasingly prevalent intrusions targeting default credentials have since led governments to urge technology vendors to implement more robust security defenses.

An In-Depth Guide to Identity

Get essential knowledge and practical strategies to fortify your identity security.

Related

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Basic AuthenticationBiometricsBugBuffer OverflowCertificate-Based AuthenticationChallenge-Handshake Authentication Protocol (CHAP)Digest AuthenticationDigital CertificateDisassemblyDiscretionary Access Control (DAC)

You can skip this ad in 5 seconds