PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

May 6, 2025 invoker category_news

Security Update News

Update Information

Title PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
Update ID PT-2021-01
Type ptsecurity
Published 2025-05-07T00:00:00
Last Updated 2025-05-07T00:00:00

Security Impact

CVSS Score 0.0
Severity NONE
Attack Vector

Affected CVEs

  • CVE-2018-9099

Update Details

With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version (with malicious content) to bypass the encryption and withdraw cash.

**Advisory status:**

07.2018 – Vendor notification date

**Credits:**

The vulnerability was discovered by Vladimir Kononovich, Alexey Stennikov (independent researcher)

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.