Saho Adm-100Fp vulnerabilities
3 known vulnerabilities affecting saho/adm-100fp.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2023-38029P2CRITICALCVSS 9.8vQ20100602vT17041702+2 more2023-08-28
CVE-2023-38029 [CRITICAL] CWE-434 CVE-2023-38029: Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters an
Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.
nvd
CVE-2023-38028P2CRITICALCVSS 9.1vQ20100602vT17041702+2 more2023-08-28
CVE-2023-38028 [CRITICAL] CWE-306 CVE-2023-38028: Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.
nvd
CVE-2023-38030P3HIGHCVSS 7.5vQ20100602vT17041702+2 more2023-08-28
CVE-2023-38030 [HIGH] CWE-306 CVE-2023-38030: Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for c
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.
nvd