Lucene search
+L

80 matches found

Cvelist
Cvelist
added 2026/01/26 10:3 a.m.37 views

CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

9.3CVSS0.01039EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.7 views

Dormakaba Access Manager security vulnerabilities

The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. The Dormakaba Access Manager has a security vulnerability, which stems from unencrypted flash memory. Physical access allows modification or reading of sensitive files, potentially...

7CVSS5.8AI score0.00097EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.12 views

Dormakaba Exos 9300 security vulnerabilities

The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, where the default password for the extended administrator user mode is hardcoded, which may allow unauthorized access...

4.6CVSS5.8AI score0.00155EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.6 views

Dormakaba Exos 9300 security vulnerabilities

The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, which stems from the presence of multiple hardcoded credentials. This vulnerability could allow unauthorized access to the...

9.3CVSS5.8AI score0.00759EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.6 views

Dormakaba Access Manager security vulnerabilities

The Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in the Dormakaba Access Manager, which stems from authentication based on the source IP address, potentially allowing IP address spoofing attacks to occur...

7.7CVSS5.8AI score0.00572EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.9 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the use of a static extractable password in the firmware update ZIP file, potentially allowing the firmware to be...

8.5CVSS5.8AI score0.00167EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.8 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the ability to modify the bootloader’s command line interface physically. This vulnerability could potentially lead ...

7CVSS5.8AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.6 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from the backup function allowing the download of local databases containing sensitive data such as unencrypted PINs,...

6.9CVSS5.8AI score0.00275EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.9 views

Dormakaba Exos 9300 security vulnerabilities

The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability. This vulnerability stems from the SOAP API, which requires no authentication, potentially allowing the creation of arbitra...

9.3CVSS7.4AI score0.01039EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.8 views

Dormakaba Exos 9300 security vulnerabilities

The Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba Exos 9300 has a security vulnerability, as the database passwords are derived from static random values. This vulnerability could allow attackers to derive...

8.5CVSS5.8AI score0.00188EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.14 views

PT-2026-4757

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

8.5CVSS5.9AI score0.00167EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.8 views

Dormakaba Exos 9300 security vulnerabilities

Dormakaba exos 9300 is an access control and security management system developed by the American company Dormakaba. The Dormakaba exos 9300 has a security vulnerability, which stems from the fact that the RPC service requires no authentication. This vulnerability may allow the transmission of...

8.7CVSS5.9AI score0.00759EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.7 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager, which stems from path traversal vulnerabilities in the CompactWebServer. This vulnerability could allow unauthorized access to files...

8.8CVSS7.3AI score0.00699EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.9 views

Dormakaba Access Manager security vulnerabilities

The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There are security vulnerabilities associated with the Dormakaba Access Manager. These vulnerabilities stem from the default configuration, where SOAP requests are sent to the Acce...

9.3CVSS5.8AI score0.00523EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.6 views

Dormakaba registration unit 9002 security vulnerabilities

The Dormakaba Registration Units 9002 is a password input panel developed by the American company Dormakaba. There is a security vulnerability associated with the Dormakaba Registration Units 9002; this vulnerability stems from the exposed UART interface, which can leak button press data,...

5.1CVSS7.3AI score0.00456EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.11 views

Dormakaba Access Manager security vulnerabilities

The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There is a security vulnerability in the Dormakaba Access Manager, which stems from the Web server binary running with root privileges, potentially leading to an increase in...

8.8CVSS5.8AI score0.00684EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.7 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the exported databases are sometimes not deleted, and the paths can be accessed without...

5.9CVSS5.7AI score0.00572EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.6 views

Dormakaba Exos 9300 security vulnerabilities

Dormakaba Exos 9300 is an access control and security management system developed by the American company Dormakaba. Dormakaba Exos 9300 has a security vulnerability that stems from the ability to specify any executable file to run with SYSTEM privileges, which may lead to an increase in local...

8.4CVSS5.8AI score0.00169EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.6 views

PT-2026-4759

Name of the Vulnerable Software and Affected Versions dormakaba registration units 9002 PIN Pad Units affected versions not specified Description The dormakaba registration units 9002 PIN Pad Units have an exposed UART header. The PIN pad transmits every button press through this UART interface. ...

5.1CVSS7.4AI score0.00456EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/01/26 12:0 a.m.12 views

Dormakaba Access Manager security vulnerabilities

Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the tracking function does not require authentication or encryption, and the transmitted...

8.7CVSS5.8AI score0.00339EPSS
Exploits0References4
Rows per page
Query Builder