Dormakaba Access Manager 92xx-k5
10 CVEs affecting Dormakaba Access Manager 92xx-k5. Latest disclosed: 2026-01-26. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-59108 | | 2026-01-26 | By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced. | |
CVE-2025-59107 | | 2026-01-26 | Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided… | |
CVE-2025-59105 | | 2026-01-26 | With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Th… | |
CVE-2025-59103 | | 2026-01-26 | The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it… | |
CVE-2025-59102 | | 2026-01-26 | The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole c… | |
CVE-2025-59101 | | 2026-01-26 | Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as a… | |
CVE-2025-59100 | | 2026-01-26 | The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the… | |
CVE-2025-59099 | | 2026-01-26 | The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which all… | |
CVE-2025-59098 | | 2026-01-26 | The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket… | |
CVE-2025-59097 | | 2026-01-26 | The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the d… |