|
|
|
|
|
|
by azinman2
483 days ago
|
|
|
2025-01-30: Hirsch asked for an update as to whether clients running vulnerable systems have been alerted (no response as of publication) 2025-02-14: CVE-2025-26793 assigned 2025-02-15: publication So two weeks after they don’t respond what they’re going to do with their clients this gets published? I’d hardly call that responsible. |
|
|
2024-12-27: Current vendor of MESH identified as Hirsch (subsidiary of Vitaprotech Group) and contacted
They were contacted 7 weeks before publication
and
2025-01-11: Hirsch product security responds requesting details and are asked if they intend to alert clients
They responded 5 weeks before publication, and so were aware of the issue for at least 5 weeks before it was disclosed, during which time they did nothing about it