
Dormakaba Access Manager 92Xx-K5 vulnerabilities

9 known vulnerabilities affecting dormakaba/access_manager_92xx-k5.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 5, MEDIUM 1

Vulnerabilities

CVE-2025-59097 | P2 | CRITICAL | CVSS 9.3 | CWE-306 | Affected: 92xx-K5: <XAMB 04.06.212 | Date: 2026-01-26 | Source: NVD
The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba exos server. As soon as the save button is clicked in exos 9300, the whole configuration is sent to the selected Access Manager via SOAP. The SOAP request is sent without any prior
CVE-2025-59103 | P2 | CRITICAL | CVSS 9.2 | CWE-1391 | Affected: 92xx-K5: <BAME 05.01.88 | Date: 2026-01-26 | Source: NVD
The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users with hardcoded and weak passwords that can be used to
CVE-2025-59108 | P3 | CRITICAL | CVSS 9.2 | CWE-1392 | Affected: 92xx-K5: All versions | Date: 2026-01-26 | Source: NVD
By default, the password for the Access Manager's web interface is set to 'admin'. In the tested version changing the password was not enforced.
CVE-2025-59099 | P3 | HIGH | CVSS 8.8 | CWE-35 | Affected: 92xx-K5: <XAMB 04.05.21 | Date: 2026-01-26 | Source: NVD
The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker to directly access files via simple GET requests without prior authentication. Hence, it is possible to retrieve all files stored on the file system, including the SQLite databas
CVE-2025-59098 | P3 | HIGH | CVSS 8.7 | CWE-497 | Affected: 92xx-K5: <XAMB 04.06.212 | Date: 2026-01-26 | Source: NVD
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive debug information. The data is permanently broadcasted on
CVE-2025-59101 | P3 | HIGH | CVSS 7.7 | CWE-291 | Affected: 92xx-K5: <XAMB 04.06.212 | Date: 2026-01-26 | Source: NVD
Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information is stored. Therefore, it is possible to spoof the IP add
CVE-2025-59107 | P3 | HIGH | CVSS 8.5 | CWE-798 | Affected: All versions | Date: 2026-01-26 | Source: NVD
Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be extracted. This password was valid for multiple observed fi
CVE-2025-59100 | P3 | MEDIUM | CVSS 5.9 | CWE-285 | Affected: 92xx-K5: <XAMB 04.06.212 | Date: 2026-01-26 | Source: NVD
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes the device does not reboot and therefore the exported d
CVE-2025-59105 | P4 | HIGH | CVSS 7.0 | CWE-312 | Affected: 92xx-K5: All versions | Date: 2026-01-26 | Source: NVD
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and read, in order to gain SSH root access on the Linux-base