SEC Consult researchers have discovered critical vulnerabilities in dormakaba’s exos 9300 physical access control system, allowing attackers to open arbitrary doors, reconfigure controllers without authentication, and access sensitive data. These flaws span hardware, firmware, and software, impacting numerous enterprise customers, including those in high-security sectors. Dormakaba has released patches and a hardening guideline to address these issues.
Edward Kiledjian
@ekiledjian