CVE-2025-59091

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically...

CVE-2025-59091 Hardcoded Legacy Accounts Allowing Control Over Access Managers in dormakaba Kaba exos 9300

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically...

EUVD-2025-206352

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically...

PT-2026-4741

Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically...

Dormakaba Exos 9300 security vulnerabilities

The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, which stems from the presence of multiple hardcoded credentials. This vulnerability could allow unauthorized access to the...

PT-2026-4747

The exos 9300 application can be used to configure Access Managers e.g. 92xx, 9230 and 9290. The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via...

EUVD-2023-25573

Malicious code in bioql PyPI...

EUVD-2023-42718

Malicious code in bioql PyPI...

Advantech WISE 4060LAN / IoT Gateway Packet Injection

Remote attackers can execute Modbus commands to WISE-4060/LAN module and manipulate the DO channels. This could lead to unauthorized control of connected devices, such as turning systems on or off, causing disruptions or unsafe conditions. In industrial settings, the DO channels might control...

CVE-2024-32752

The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access...

CVE-2024-32752

The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access...

Code injection

When the Genie Company Aladdin Connect garage door opener Retrofit-Kit Model ALDCM is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allo...

PT-2024-14839 · Genie Company · Aladdin Connect

Name of the Vulnerable Software and Affected Versions: The Genie Company Aladdin Connect Retrofit-Kit Model ALDCM affected versions not specified Description: Unauthenticated access is permitted to the web interface page "Garage Door Control Module Setup" of The Genie Company Aladdin Connect...

CVE-2023-38958

An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request...

CVE-2023-38958

An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request...

CVE-2023-38958

An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request...

ZKTeco BioAccess IVS 安全漏洞

ZKTeco BioAccess IVS is a lite web-based security platform from ZKTeco, China. An Access Control Error vulnerability exists in ZKTeco BioAccess IVS v3.3.1, which arises from improper access control and can be exploited by an attacker to arbitrarily close and open the door to the platform...

CVE-2023-38958

The CVE-2023-38958 entry describes an access control flaw in ZKTeco BioAccess IVS v3.3.1. An unauthenticated attacker can remotely close and open doors managed by the platform by sending a crafted web request. Root cause cited across sources is improper access control. Affected component: BioAcce...

Axis Network Door Controllers 安全漏洞

AXIS Network Door Controllers is a network door controller from AXIS Sweden. A security vulnerability exists in Axis Network Door Controllers, Axis Network Intercoms, which stems from a crash of the OSDP message parser pacsiod process when communicating via OSDP intercom, resulting in a temporary...

PT-2023-7483 · Axis · Axis Network Intercoms +1

Name of the Vulnerable Software and Affected Versions: Axis Network Door Controllers and Axis Network Intercoms affected versions not specified Description: The issue is related to a flaw in the implementation of the Open Supervised Device Protocol OSDP in Axis Network Door Controllers and Axis...