Vulnerability Details CVE-2023-38028
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.0%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2023-38028
-
cpe:2.3:h:saho:adm-100:-
-
cpe:2.3:h:saho:adm-100fp:-
-
cpe:2.3:o:saho:adm-100_firmware:0.0.4.0
-
cpe:2.3:o:saho:adm-100_firmware:0.0.4.3
-
cpe:2.3:o:saho:adm-100_firmware:0.0.4.6
-
cpe:2.3:o:saho:adm-100_firmware:0.0.4.8
-
cpe:2.3:o:saho:adm-100_firmware:q20100602
-
cpe:2.3:o:saho:adm-100_firmware:t17041702
-
cpe:2.3:o:saho:adm-100_firmware:t18051803
-
cpe:2.3:o:saho:adm-100_firmware:t190
-
cpe:2.3:o:saho:adm-100fp_firmware:q20100602
-
cpe:2.3:o:saho:adm-100fp_firmware:t17041702
-
cpe:2.3:o:saho:adm-100fp_firmware:t18051803
-
cpe:2.3:o:saho:adm-100fp_firmware:t190