Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
saho adm-100_firmware 0.0.4.0 |
||
saho adm-100_firmware 0.0.4.3 |
||
saho adm-100_firmware 0.0.4.6 |
||
saho adm-100_firmware 0.0.4.8 |
||
saho adm-100_firmware q20100602 |
||
saho adm-100_firmware t190 |
||
saho adm-100_firmware t17041702 |
||
saho adm-100_firmware t18051803 |
||
saho adm-100fp_firmware q20100602 |
||
saho adm-100fp_firmware t190 |
||
saho adm-100fp_firmware t17041702 |
||
saho adm-100fp_firmware t18051803 |