CNNVD-202601-4396 Information

CNNVD ID

CNNVD-202601-4396

Related CVE

CVE-2025-59097

• CNNVD Published: 2026-01-26

Description (Chinese)

Dormakaba Access Manager是美国Dormakaba公司的一个智能硬件控制器。 Dormakaba Access Manager存在安全漏洞，该漏洞源于默认配置下向Access Manager发送SOAP请求无需身份验证或授权，且网络分段不足，可能导致攻击者完全控制整个环境。

Description (English)

Dormakaba Access Manager is a smart hardware controller for Dormakaba in the United States. There is a security loophole in Dormakaba Access Manager, which stems from the default configuration of sending SOAP requests to Access Manager without identification or authorization, and the inadequacy of the network segment, which may result in the attackers taking full control of the environment.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Dormakaba

Published

2026-01-26

Last Modified

2026-02-24

References

https://r.sec-consult.com/dormakaba https://r.sec-consult.com/dkaccess https://www.dormakabagroup.com/en/security-advisories https://access.redhat.com/security/cve/cve-2025-59097

Patch

https://www.dormakabagroup.com/en/security-advisories