go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Saho ADM100&ADM-100FP - Broken Access Control - 1

TVN ID TVN-202308008
CVE ID CVE-2023-38028
CVSS 9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products ADM-100: 0.0.4.0, 0.0.4.3, 0.0.4.6, 0.0.4.8, Q20100602, T17041702, T18051803, T190
ADM-100FP: Q20100602, T17041702, T18051803, T190
Description Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.
Solution Contact Saho support team
Credit Li-Fan Cheng、Chih-Che Chang、AnWei Kung(國家資通安全研究院)
Public Date 2023-09-19
Top