Vulnerability Details CVE-2023-38029
Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.3%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-38029
-
cpe:2.3:h:saho:adm-100:-
-
cpe:2.3:h:saho:adm-100fp:-
-
cpe:2.3:o:saho:adm-100_firmware:0.0.4.0
-
cpe:2.3:o:saho:adm-100_firmware:0.0.4.3
-
cpe:2.3:o:saho:adm-100_firmware:0.0.4.6
-
cpe:2.3:o:saho:adm-100_firmware:0.0.4.8
-
cpe:2.3:o:saho:adm-100_firmware:q20100602
-
cpe:2.3:o:saho:adm-100_firmware:t17041702
-
cpe:2.3:o:saho:adm-100_firmware:t18051803
-
cpe:2.3:o:saho:adm-100_firmware:t190
-
cpe:2.3:o:saho:adm-100fp_firmware:q20100602
-
cpe:2.3:o:saho:adm-100fp_firmware:t17041702
-
cpe:2.3:o:saho:adm-100fp_firmware:t18051803
-
cpe:2.3:o:saho:adm-100fp_firmware:t190