Medium severity5.6NVD Advisory· Published Mar 21, 2024· Updated Apr 15, 2026

CVE-2024-29916

Description

The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key derivation function relies only on a UID. This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

news.ycombinator.com/itemnvd
unsaflok.comnvd
www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/nvd
www.youtube.com/watchnvd

News mentions

No linked articles in our index yet.

cvss	0.364
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000