80 matches found
CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. The Dormakaba Access Manager has a security vulnerability, which stems from unencrypted flash memory. Physical access allows modification or reading of sensitive files, potentially...
Dormakaba Exos 9300 security vulnerabilities
The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, where the default password for the extended administrator user mode is hardcoded, which may allow unauthorized access...
Dormakaba Exos 9300 security vulnerabilities
The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, which stems from the presence of multiple hardcoded credentials. This vulnerability could allow unauthorized access to the...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in the Dormakaba Access Manager, which stems from authentication based on the source IP address, potentially allowing IP address spoofing attacks to occur...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the use of a static extractable password in the firmware update ZIP file, potentially allowing the firmware to be...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the ability to modify the bootloader’s command line interface physically. This vulnerability could potentially lead ...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the backup function allowing the download of local databases containing sensitive data such as unencrypted PINs,...
Dormakaba Exos 9300 security vulnerabilities
The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability. This vulnerability stems from the SOAP API, which requires no authentication, potentially allowing the creation of arbitra...
Dormakaba Exos 9300 security vulnerabilities
The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, as the database passwords are derived from static random values. This vulnerability could allow attackers to derive...
PT-2026-4757
Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...
Dormakaba Exos 9300 security vulnerabilities
Dormakaba exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba exos 9300 has a security vulnerability, which stems from the fact that the RPC service requires no authentication. This vulnerability may allow the transmission of...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from path traversal vulnerabilities in the CompactWebServer. This vulnerability could allow unauthorized access to files...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There are security vulnerabilities associated with the Dormakaba Access Manager. These vulnerabilities stem from the default configuration, where SOAP requests are sent to the Acce...
Dormakaba registration unit 9002 security vulnerabilities
The Dormakaba Registration Units 9002 is a password input panel developed by the American company Dormakaba. There is a security vulnerability associated with the Dormakaba Registration Units 9002; this vulnerability stems from the exposed UART interface, which can leak button press data,...
Dormakaba Access Manager security vulnerabilities
The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There is a security vulnerability in the Dormakaba Access Manager, which stems from the Web server binary running with root privileges, potentially leading to an increase in...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the exported databases are sometimes not deleted, and the paths can be accessed without...
Dormakaba Exos 9300 security vulnerabilities
Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. Dormakaba Exos 9300 has a security vulnerability that stems from the ability to specify any executable file to run with SYSTEM privileges, which may lead to an increase in local...
PT-2026-4759
Name of the Vulnerable Software and Affected Versions dormakaba registration units 9002 PIN Pad Units affected versions not specified Description The dormakaba registration units 9002 PIN Pad Units have an exposed UART header. The PIN pad transmits every button press through this UART interface. ...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the tracking function does not require authentication or encryption, and the transmitted...