CVE-2023-38030
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 28, 2023
Updated: Aug 29, 2023
CWE ID 306
Summary
CVE-2023-38030 is a vulnerability affecting Saho's attendance devices, specifically the ADM100 and ADM-100FP models. The issue involves missing authentication for critical functions, allowing unauthenticated remote attackers to execute system commands through partial website URLs. This vulnerability permits the attacker to access sensitive device information without proper authorization. This security weakness poses a significant risk as it can be exploited to gain unauthorized access and potentially disrupt the functionality of the attendance devices.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Saho