dormakaba Kaba exos 9300
- < 4.4.0
A vulnerability exists in the Kaba exos 9300 application, specifically in the U9ExosAdmin.exe component, where the default password for the extended admin user mode is hard-coded and documented in local user manuals. This vulnerability affects all versions of Kaba exos 9300 prior to 4.4.1.
Exploitation of this vulnerability allows unauthorized access to the extended admin user mode, where sensitive configurations can be managed.
The vulnerability can be reproduced by logging into the Kaba exos 9300 administration application U9ExosAdmin.exe using the default password 'ExtendedAdminMode'.
Users are advised to update to Kaba exos 9300 version 4.4.1 or later, and to consult their dormakaba partner for guidance on updating and implementing security best practices.