7.5
CVE-2023-38030
- EPSS 0.13%
- Veröffentlicht 28.08.2023 07:15:09
- Zuletzt bearbeitet 21.11.2024 08:12:42
- Quelle twcert@cert.org.tw
- CVE-Watchlists
- Unerledigt
LoginSaho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Saho ≫ Adm-100 Firmware Version0.0.4.0
Saho ≫ Adm-100 Firmware Version0.0.4.3
Saho ≫ Adm-100 Firmware Version0.0.4.6
Saho ≫ Adm-100 Firmware Version0.0.4.8
Saho ≫ Adm-100 Firmware Versionq20100602
Saho ≫ Adm-100 Firmware Versiont190
Saho ≫ Adm-100 Firmware Versiont17041702
Saho ≫ Adm-100 Firmware Versiont18051803
Saho ≫ Adm-100fp Firmware Versionq20100602
Saho ≫ Adm-100fp Firmware Versiont190
Saho ≫ Adm-100fp Firmware Versiont17041702
Saho ≫ Adm-100fp Firmware Versiont18051803
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.332 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| twcert@cert.org.tw | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.