Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated SOAP API in dormakaba Kaba exos 9300
Vulnerability Description
On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled chip cards.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Dormakaba exos 9300 安全漏洞
Vulnerability Description
Dormakaba exos 9300是美国Dormakaba公司的一个出入库控制与安全管理系统。 Dormakaba exos 9300存在安全漏洞,该漏洞源于SOAP API无需身份验证,可能导致创建任意访问日志事件或查询已注册芯片卡关联的2FA PIN。
CVSS Information
N/A
Vulnerability Type
N/A