漏洞描述
FREEDOM 是Hirsch的Web GUI 配置面板,由于更改凭据需要很多步骤,初始配置时不会提示管理员更改这些凭据,攻击者可以通过mesh.webadmin.MESHAdminServlet 在互联网上使用这些凭据,访问数十座加拿大和美国公寓楼并获取楼内居民的 PII。
FREEDOM Administration存在弱口令漏洞(CVE-2025-26793)
PoC代码
暂无相关漏洞推荐
- POC CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass
- POC CVE-2018-19439: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
- POC CVE-2019-2729: Oracle WebLogic Server Administration Console - Remote Code Execution
- POC CVE-2020-14883: Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution
- POC CVE-2021-41878: i-Panel Administration System 2.0 - Cross-Site Scripting
- POC CVE-2023-32315: Openfire Administration Console - Authentication Bypass
- POC CVE-2025-26793: FREEDOM Administration - Default Login
- POC CVE-2020-14883: Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution
- POC jboss-jbpm-default-login: JBoss jBPM Administration Console Default Login - Detect
- POC rethinkdb-admin-console: RethinkDB Administration Console - Detect
- POC avaya-aura-xss: Avaya Aura Utility Services Administration - Cross-Site Scripting
- Hirsch Enterphone MESH Web GUI /mesh/jsp/login.jsp 默认口令漏洞(CVE-2025-26793)
- XWiki.org XWiki LegacyNotificationAdministration since 代码注入漏洞