Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-38029

Published: 28/08/2023 Updated: 29/08/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Saho

Vulnerability Summary

Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

saho adm-100_firmware 0.0.4.0

saho adm-100_firmware 0.0.4.3

saho adm-100_firmware 0.0.4.6

saho adm-100_firmware 0.0.4.8

saho adm-100_firmware q20100602

saho adm-100_firmware t190

saho adm-100_firmware t17041702

saho adm-100_firmware t18051803

saho adm-100fp_firmware q20100602

saho adm-100fp_firmware t190

saho adm-100fp_firmware t17041702

saho adm-100fp_firmware t18051803

References

CWE-434https://www.twcert.org.tw/tw/cp-132-7336-35a94-1.htmlhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook