51 matches found
CVE-2025-59109
The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...
CVE-2025-59109
The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...
CVE-2025-59109
The CVE-2025-59109 entry describes the dormakaba reg-istration units 9002 PIN Pad Units with an exposed UART header. The PIN pad reportedly transmits every button press over UART, enabling an attacker with physical access to read PIN data; due to Plug‑and‑Play design, an attacker could remove a d...
CVE-2025-59109 UART Leaking Sensitive Data in dormakaba registration unit 9002
The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...
CVE-2025-59109 UART Leaking Sensitive Data in dormakaba registration unit 9002
The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...
Dormakaba registration unit 9002 security vulnerabilities
The Dormakaba Registration Units 9002 is a password input panel developed by the American company Dormakaba. There is a security vulnerability associated with the Dormakaba Registration Units 9002; this vulnerability stems from the exposed UART interface, which can leak button press data,...
CVE-2025-9002
A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-9002
A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2019-9002
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the databasehost parameter if the installer remains present in its original directory after installation is completed...
CVE-2024-9002
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries...
CVE-2024-9002
creationtimestamp| type| source ---|---|--- 2024-10-11 17:01:16+00:00| seen| https://t.me/cvedetector/7677 2025-01-23 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-04...
CVE-2024-9002
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries...
CVE-2024-9002
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries...
CVE-2024-9002
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries...
CBL Mariner 2.0 Security Update: coredns (CVE-2023-49295)
The version of coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49295 advisory. - quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause...
China-linked APT17 Targets Italian Companies with 9002 RAT Malware
A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis...
CVE-2023-49295
CVE-2023-49295 affects quic-go, an implementation of QUIC in Go. The issue allows an attacker to cause a peer to exhaust memory by sending many PATH_CHALLENGE frames; the receiver should reply with PATH_RESPONSEs, but an attacker can suppress most responses by manipulating the peer’s congestion w...
CVE-2023-49295
quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...
CVE-2020-9002
creationtimestamp| type| source ---|---|--- 2021-09-01 14:36:03+00:00| seen| https://t.me/cibsecurity/28150...
CVE-2020-9002
An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANYADMIN to UserRoleKey=DOMAINADMIN to achieve Domain Administrator access...