CVE-2023-38030

Name of the Vulnerable Software and Affected Versions Saho attendance devices ADM100 and ADM-100FP (affected versions not specified)

Description The issue concerns missing authentication for critical functions, allowing an unauthenticated remote attacker to execute system commands in partial website URLs. This enables the attacker to read sensitive device information without permissions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.