cbcvebase.
CVE-2023-38029
published 2023-08-28

Priority: P2 61 | critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.77% (51.0th percentile)
Saho’s attendance devices ADM100 and ADM-100FP have insufficient filtering for special characters and file type within their file uploading function. An unauthenticated remote attacker can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.

Affected

24 ranges
Vendor | Product | Version range | Fixed in
saho | adm-100_firmware
saho | adm-100_firmware
saho | adm-100_firmware
saho | adm-100_firmware
saho | adm-100_firmware
saho | adm-100_firmware
saho | adm-100_firmware
saho | adm-100_firmware
saho | adm-100fp
saho | adm-100fp
saho | adm-100fp
saho | adm-100fp
saho | adm-100fp_firmware
saho | adm-100fp_firmware
saho | adm-100fp_firmware
saho | adm-100fp_firmware
saho | adm100
saho | adm100
saho | adm100
saho | adm100
saho | adm100
saho | adm100
saho | adm100
saho | adm100