CVE-2025-59108 Weak Default Passwords in dormakaba access manager
By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version, changing the password was not enforced...
CVE-2025-59107 Static Firmware Encryption Password in dormakaba access manager
Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...
CVE-2025-59106 Web Server Running with Root Privileges in dormakaba access manager
The binary that serves the web server and executes basically all actions launched from the Web UI runs with root privileges. This violates the principle of least privilege. If an attacker is able to execute code on the system via other vulnerabilities, it is possible to directly execute commands...
CVE-2025-59104 Unlocked Bootloader in dormakaba access manager
With physical access to the device and enough time, an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...
CVE-2025-59103 Weak Default Passwords for SSH Access in dormakaba access manager
The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users...
CVE-2025-59100 Unauthenticated Access to the SQLite Database in dormakaba access manager
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
CVE-2025-59099 Unauthenticated Path Traversal in dormakaba access manager
The Access Manager is using the open source web server CompactWebServer written in C. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There are security vulnerabilities associated with the Dormakaba Access Manager. These vulnerabilities stem from the default configuration, where SOAP requests are sent to the Acce...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in the Dormakaba Access Manager, which stems from authentication based on the source IP address, potentially allowing IP address spoofing attacks to occur...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from path traversal vulnerabilities in the CompactWebServer. This vulnerability could allow unauthorized access to files...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the exported databases are sometimes not deleted, and the paths can be accessed without...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the use of a static extractable password in the firmware update ZIP file, potentially allowing the firmware to be...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There is a security vulnerability in the Dormakaba Access Manager, which stems from the Web server binary running with root privileges, potentially leading to an increase in...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the tracking function does not require authentication or encryption, and the transmitted...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the backup function allowing the download of local databases containing sensitive data such as unencrypted PINs,...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the ability to modify the bootloader’s command line interface physically. This vulnerability could potentially lead ...