Insufficient Authentication in Saho's Attendance Devices ADM100 and ADM-100FP

Insufficient Authentication in Saho's Attendance Devices ADM100 and ADM-100FP

CVE-2023-38028 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.

Learn more about our User Device Pen Test.