CVE-2025-59103

{"id": "CVE-2025-59103", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-26T10:16:08.117", "references": [{"url": "https://r.sec-consult.com/dkaccess", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://r.sec-consult.com/dormakaba", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://www.dormakabagroup.com/en/security-advisories", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-1391"}]}], "descriptions": [{"lang": "en", "value": "The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users with hardcoded and weak passwords that can be used to access the devices via SSH. The passwords can be also guessed very easily. The password of at least one user is set to a random value after the first deployment, with the restriction that the password is only randomized if the configured date is prior to 2022. Therefore, under certain circumstances, the passwords are not randomized. For example, if the clock is never set on the device, the battery of the clock module has been changed, the Access Manager has been factory reset and has not received a time yet."}, {"lang": "es", "value": "El Access Manager 92xx en la revisi\u00f3n de hardware K7 est\u00e1 basado en Linux en lugar de Windows CE incrustado en revisiones de hardware anteriores. En esta nueva revisi\u00f3n de hardware se observ\u00f3 que un servicio SSH est\u00e1 expuesto en el puerto 22. Al analizar el firmware de los dispositivos, se observ\u00f3 que hay dos usuarios con contrase\u00f1as codificadas y d\u00e9biles que pueden usarse para acceder a los dispositivos v\u00eda SSH. Las contrase\u00f1as tambi\u00e9n pueden adivinarse muy f\u00e1cilmente. La contrase\u00f1a de al menos un usuario se establece a un valor aleatorio despu\u00e9s del primer despliegue, con la restricci\u00f3n de que la contrase\u00f1a solo se aleatoriza si la fecha configurada es anterior a 2022. Por lo tanto, bajo ciertas circunstancias, las contrase\u00f1as no se aleatorizan. Por ejemplo, si el reloj nunca se configura en el dispositivo, la bater\u00eda del m\u00f3dulo del reloj ha sido cambiada, el Access Manager ha sido restablecido de f\u00e1brica y a\u00fan no ha recibido una hora."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}