PT-2026-4753 · Unknown · Access Manager 92Xx
Published
2026-01-26
·
Updated
2026-01-27
·
CVE-2025-59103
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Access Manager 92xx hardware revision K7 (affected versions not specified)
Description
The Access Manager 92xx hardware revision K7 utilizes a Linux-based operating system, differing from older revisions that used Windows CE. An SSH service is exposed on port 22. The device contains accounts with hardcoded or easily guessable passwords, allowing unauthorized access via SSH. Password randomization, if enabled, is dependent on the device's configured date. If the date is set prior to 2022, or if the device clock has not been set or has been reset, the password may not be randomized, resulting in predictable credentials.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Access Manager 92Xx