Missing Authentication Vulnerability in Saho's ADM100 and ADM-100FP Attendance Devices
CVE-2023-38030 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.
Learn more about our Web App Pen Testing.