dormakaba Access Manager 9200-K7 Weak Default Passwords for SSH Access Vulnerability

Vulnerability

A vulnerability exists in the dormakaba Access Manager 9200-K7 due to weak default passwords for SSH access. The root password is initially set to 'eac', and the 'update_user' account has a default password of 'secret'. Under certain conditions, the root password is not randomized and remains as 'eac', allowing unauthorized access via SSH. This issue affects all versions of the Access Manager 9200-K7 prior to BAME 05.01.088.

Impact

Exploitation of this vulnerability allows for unauthorized SSH access to the Access Manager 9200-K7 with root privileges.

Reproduction

The vulnerability can be reproduced by attempting to log into the Access Manager 9200-K7 via SSH using the default 'root' password 'eac', or the 'update_user' account with the password 'secret', if the password has not been changed after the first deployment.

Remediation

Users are advised to update to Access Manager 9200-K7 version BAME 05.01.088 or later, where this vulnerability has been addressed.
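Until a unit is updated, forwarded authentication logs can show whether either account named above is being used. The following Python is an added example, not part of the original advisory or of any dormakaba tooling: it flags password-authenticated SSH logins to 'root' and 'update_user', and it assumes OpenSSH-style sshd log messages; the host name, addresses, log lines and management network are constructed.

```python
import ipaddress
import re

# Accounts the advisory names as having weak default passwords.
WATCHED_USERS = {"root", "update_user"}

# Assumption: the SSH daemon logs in the OpenSSH format
# "Accepted|Failed password for <user> from <ip> port <n> ssh2".
AUTH_RE = re.compile(
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_auth_log(lines, mgmt_networks):
    """Report accepted password logins to the watched accounts."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings, failed = [], {}
    for line in lines:
        m = AUTH_RE.search(line)
        if not m or m["user"] not in WATCHED_USERS:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed source field, skip the line
        key = (m["user"], str(src))
        if m["result"] == "Failed":
            failed[key] = failed.get(key, 0) + 1
            continue
        inside = any(src in n for n in nets)
        findings.append({
            "user": m["user"], "source": str(src),
            # Logins from outside the management network rank higher.
            "severity": "medium" if inside else "high",
            "prior_failures": failed.get(key, 0),
        })
    return findings

# Constructed sample log lines (not captured from a real device).
SAMPLE = [
    "Jan 26 10:01:02 am9200 sshd[412]: Failed password for root from 10.20.0.5 port 50122 ssh2",
    "Jan 26 10:01:09 am9200 sshd[412]: Accepted password for root from 10.20.0.5 port 50122 ssh2",
    "Jan 26 10:07:41 am9200 sshd[431]: Accepted password for update_user from 192.0.2.44 port 41810 ssh2",
    "Jan 26 10:09:00 am9200 sshd[440]: Accepted password for operator from 192.0.2.44 port 41900 ssh2",
    "Jan 26 10:10:00 am9200 sshd[450]: Failed password for invalid user admin from 192.0.2.44 port 41950 ssh2",
]
MGMT_NETWORKS = ["10.20.0.0/24"]  # hypothetical management subnet
```

Calling `review_auth_log(SAMPLE, MGMT_NETWORKS)` returns one finding per accepted password login to a watched account; a finding with no prior failures from the same source means the password was known on the first attempt.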

Added: Jan 26, 2026, 10:48 AM
Updated: Jan 26, 2026, 3:16 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.2
remediation: 0.0
relevance: 2.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.