Описание
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:saho:adm-100_firmware:0.0.4.0:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100_firmware:0.0.4.3:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100_firmware:0.0.4.6:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100_firmware:0.0.4.8:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100_firmware:q20100602:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100_firmware:t190:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100_firmware:t17041702:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100_firmware:t18051803:*:*:*:*:*:*:*
cpe:2.3:h:saho:adm-100:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:o:saho:adm-100fp_firmware:q20100602:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100fp_firmware:t190:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100fp_firmware:t17041702:*:*:*:*:*:*:*
cpe:2.3:o:saho:adm-100fp_firmware:t18051803:*:*:*:*:*:*:*
cpe:2.3:h:saho:adm-100fp:-:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00129
Низкий
7.5 High
CVSS3
Дефекты
CWE-306
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.
EPSS
Процентиль: 33%
0.00129
Низкий
7.5 High
CVSS3
Дефекты
CWE-306
CWE-306