CVE-2023-38029

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 28, 2023

Updated: Aug 29, 2023

CWE ID 434

Summary

CVE-2023-38029 is a vulnerability affecting Saho's attendance devices ADM100 and ADM-100FP. The issue lies in the insufficient filtering of special characters and file types during file uploads. An unauthenticated attacker can exploit this weakness to upload and execute arbitrary files, potentially leading to system command execution or disruption of services. This vulnerability poses a significant risk, as it allows an attacker to gain unauthorized access and manipulate the system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Saho

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r9eh76
https://www.cve.org/CVERecord?id=CVE-2023-38029
https://nvd.nist.gov/vuln/detail/CVE-2023-38029

Back to Vulnerability Database

CVE-2023-38029

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations