CVE-2023-38028— Saho ADM100&ADM-100FP - Broken Access Control

CVSS 9.1 · Critical EPSS 0.07% · P22 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-38028

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Saho ADM100&ADM-100FP - Broken Access Control

Source: NVD (National Vulnerability Database)

Vulnerability Description

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键功能的认证机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

Saho ADM100 、ADM-100FP 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Saho ADM100和Saho ADM-100FP都是中国商合行（Saho）公司的一种全方位安全设备。 Saho ADM100 、ADM-100FP存在访问控制错误漏洞，该漏洞源于未经身份验证的攻击者可通过修改网址路径绕过身分验证，读取系统信息并操作用户数据。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Saho	ADM100	0.0.4.0	-
Saho	ADM-100FP	Q20100602	-

II. Public POCs for CVE-2023-38028

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-38028

请登录查看更多情报信息。

Same Patch Batch · Saho · 2023-08-28 · 3 CVEs total

CVE-2023-38029	9.8 CRITICAL	Saho ADM100&ADM-100FP - Arbitrary File Upload
CVE-2023-38030	7.5 HIGH	Saho ADM100&ADM-100FP - Execute Code

IV. Related Vulnerabilities

Same product: ADM100

Same vendor: Saho

Same weakness: CWE-306

V. Comments for CVE-2023-38028

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-38028— Saho ADM100&ADM-100FP - Broken Access Control

I. Basic Information for CVE-2023-38028

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-38028

III. Intelligence Information for CVE-2023-38028

Same Patch Batch · Saho · 2023-08-28 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-38028

Leave a comment