Dormakaba Access Manager Static Firmware Encryption Password Vulnerability

Vulnerability

A vulnerability exists in the Dormakaba Access Manager due to a hardcoded password used to encrypt firmware updates. The password is embedded in the FWServiceTool application, can be extracted from it, and is the same across multiple firmware versions. It is stored in one of the tool's DLL files and can be read out by disassembling that DLL with a tool such as dnSpy.

Impact

Exploitation of this vulnerability gives an unauthorized party the firmware encryption password. Because the password is static and shared across firmware versions, recovering it once is enough to decrypt and extract any firmware update intended for the Access Manager that was encrypted with it.

Reproduction

The vulnerability can be reproduced by disassembling the Dormakaba FWServiceTool DLL file named 'Firmware.Container.dll' using dnSpy. The extracted password can then be used to decrypt firmware ZIP files that are encrypted with this static password.

Remediation

Users are advised to contact their Dormakaba partner to ensure that their Access Manager is updated to a version that addresses this vulnerability.

Added: Jan 26, 2026, 10:48 AM
Updated: Jan 26, 2026, 3:12 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 0.0
relevance: 2.3
threat: 1.6
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.