Filtered by vendor Saho Subscriptions
Filtered by product Adm-100fp Firmware Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-38030 1 Saho 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more 2024-11-21 7.5 High
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.
CVE-2023-38029 1 Saho 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more 2024-11-21 9.8 Critical
Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.
CVE-2023-38028 1 Saho 4 Adm-100, Adm-100 Firmware, Adm-100fp and 1 more 2024-11-21 9.1 Critical
Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.