PT-2026-4759 · Dormakaba · Dormakaba Registration Unit 9002
Published
2026-01-26
·
Updated
2026-01-27
·
CVE-2025-59109
CVSS v4.0
5.1
Medium
| Vector | AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
dormakaba registration units 9002 (PIN Pad Units) (affected versions not specified)
Description
The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header. The PIN pad transmits every button press through this UART interface. An attacker could use this interface to obtain PINs. Due to the devices’ design for easy replacement, an attacker can install a hardware implant to connect to the UART and transmit the data, for example, via WiFi.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dormakaba Registration Unit 9002