CVE-2023-38030

Description

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.

References

https://www.twcert.org.tw/tw/cp-132-7337-501df-1.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3