Vulnerabilities (CVE)

Filtered by vendor Saho Subscribe
Filtered by product Adm-100fp
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-38030 1 Saho 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more 2024-11-21 N/A 7.5 HIGH
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.
CVE-2023-38029 1 Saho 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more 2024-11-21 N/A 9.8 CRITICAL
Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.
CVE-2023-38028 1 Saho 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more 2024-11-21 N/A 9.1 CRITICAL
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.