CVE-2023-38028

Summary

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service.

Affected Software

VendorProductVersion RangeStatus
SahoADM1000.0.4.0affected
SahoADM1000.0.4.3affected
SahoADM1000.0.4.6affected
SahoADM1000.0.4.8affected
SahoADM100Q20100602affected
SahoADM100T17041702affected
SahoADM100T18051803affected
SahoADM100T190affected
SahoADM-100FPQ20100602affected
SahoADM-100FPT17041702affected
SahoADM-100FPT18051803affected
SahoADM-100FPT190affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References