Missing Authentication Vulnerability in Saho's ADM100 and ADM-100FP Attendance Devices

Missing Authentication Vulnerability in Saho's ADM100 and ADM-100FP Attendance Devices

CVE-2023-38030 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.

Learn more about our Web App Pen Testing.