9.1

CVE-2023-38028

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, read system information, and operate on user data, but cannot control the system or disrupt service.

Data provided by the National Vulnerability Database (NVD)
Saho Adm-100 Firmware Version 0.0.4.0
   Saho Adm-100 Version -
Saho Adm-100 Firmware Version 0.0.4.3
   Saho Adm-100 Version -
Saho Adm-100 Firmware Version 0.0.4.6
   Saho Adm-100 Version -
Saho Adm-100 Firmware Version 0.0.4.8
   Saho Adm-100 Version -
Saho Adm-100 Firmware Version q20100602
   Saho Adm-100 Version -
Saho Adm-100 Firmware Version t190
   Saho Adm-100 Version -
Saho Adm-100 Firmware Version t17041702
   Saho Adm-100 Version -
Saho Adm-100 Firmware Version t18051803
   Saho Adm-100 Version -
Saho Adm-100fp Firmware Version q20100602
   Saho Adm-100fp Version -
Saho Adm-100fp Firmware Version t190
   Saho Adm-100fp Version -
Saho Adm-100fp Firmware Version t17041702
   Saho Adm-100fp Version -
Saho Adm-100fp Firmware Version t18051803
   Saho Adm-100fp Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.07% | 0.225
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
twcert@cert.org.tw | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.