CVE-2023-38030— Saho ADM100&ADM-100FP - Execute Code

CVSS 7.5 · High EPSS 0.13% · P32 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-38030

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Saho ADM100&ADM-100FP - Execute Code

Source: NVD (National Vulnerability Database)

Vulnerability Description

Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键功能的认证机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

Saho ADM100和ADM-100FP 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Saho ADM100和Saho ADM-100FP都是中国商合行（Saho）公司的一种全方位安全设备。 Saho ADM100 、ADM-100FP存在访问控制错误漏洞，该漏洞源于关键功能缺失认证，远程攻击者攻击者利用该漏洞可以在部分网站URL中执行系统命令，从而在没有权限的情况下读取敏感设备信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Saho	ADM100	0.0.4.0	-
Saho	ADM-100FP	Q20100602	-

II. Public POCs for CVE-2023-38030

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-38030

请登录查看更多情报信息。

Same Patch Batch · Saho · 2023-08-28 · 3 CVEs total

CVE-2023-38029	9.8 CRITICAL	Saho ADM100&ADM-100FP - Arbitrary File Upload
CVE-2023-38028	9.1 CRITICAL	Saho ADM100&ADM-100FP - Broken Access Control

IV. Related Vulnerabilities

Same product: ADM100

Same vendor: Saho

Same weakness: CWE-306

V. Comments for CVE-2023-38030

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-38030— Saho ADM100&ADM-100FP - Execute Code

I. Basic Information for CVE-2023-38030

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-38030

III. Intelligence Information for CVE-2023-38030

Same Patch Batch · Saho · 2023-08-28 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-38030

Leave a comment