Vulnerability Details: CVE-2023-38030
Saho’s ADM100 and ADM-100FP attendance devices are missing authentication for critical functions. An unauthenticated remote attacker can execute system commands through some of the device's website URLs and read sensitive device information without permission.
Exploit Prediction Scoring System (EPSS) score
EPSS Score: 0.002
EPSS Ranking: 38.8%
CVSS Severity
CVSS v3 Score: 7.5
Products affected by CVE-2023-38030
- cpe:2.3:h:saho:adm-100fp:-
- cpe:2.3:o:saho:adm-100_firmware:0.0.4.0
- cpe:2.3:o:saho:adm-100_firmware:0.0.4.3
- cpe:2.3:o:saho:adm-100_firmware:0.0.4.6
- cpe:2.3:o:saho:adm-100_firmware:0.0.4.8
- cpe:2.3:o:saho:adm-100_firmware:q20100602
- cpe:2.3:o:saho:adm-100_firmware:t17041702
- cpe:2.3:o:saho:adm-100_firmware:t18051803
- cpe:2.3:o:saho:adm-100_firmware:t190
- cpe:2.3:o:saho:adm-100fp_firmware:q20100602
- cpe:2.3:o:saho:adm-100fp_firmware:t17041702
- cpe:2.3:o:saho:adm-100fp_firmware:t18051803
- cpe:2.3:o:saho:adm-100fp_firmware:t190