{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T04:25:07.725","vulnerabilities":[{"cve":{"id":"CVE-2023-38029","sourceIdentifier":"twcert@cert.org.tw","published":"2023-08-28T06:15:07.857","lastModified":"2024-11-21T08:12:42.400","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"\nSaho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.\n\n"}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100_firmware:0.0.4.0:*:*:*:*:*:*:*","matchCriteriaId":"51D8D874-7C51-41E7-9689-E795DE1360D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100_firmware:0.0.4.3:*:*:*:*:*:*:*","matchCriteriaId":"50C72BE7-0E40-4F1A-86D6-15E8C78121C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100_firmware:0.0.4.6:*:*:*:*:*:*:*","matchCriteriaId":"5EB5DA1F-3BED-4F23-9FA1-C65F6C59235B"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100_firmware:0.0.4.8:*:*:*:*:*:*:*","matchCriteriaId":"BE08CF54-2259-40AF-B68C-F3498133F490"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100_firmware:q20100602:*:*:*:*:*:*:*","matchCriteriaId":"28AF1652-9D3F-45F6-969D-FA0D7F688F12"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100_firmware:t190:*:*:*:*:*:*:*","matchCriteriaId":"825B2F91-8AC9-4543-9BD8-26760B5F6587"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100_firmware:t17041702:*:*:*:*:*:*:*","matchCriteriaId":"176C1D07-D975-4CF8-B54C-16366DF1C848"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100_firmware:t18051803:*:*:*:*:*:*:*","matchCriteriaId":"BA65B75F-139F-4BC6-A5AB-EA74FFE5966A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:saho:adm-100:-:*:*:*:*:*:*:*","matchCriteriaId":"AA638ECA-B29C-415D-99E7-217D16473C37"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100fp_firmware:q20100602:*:*:*:*:*:*:*","matchCriteriaId":"D6612C85-1259-4435-BEB1-DC5ADC8D620D"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100fp_firmware:t190:*:*:*:*:*:*:*","matchCriteriaId":"EC7D1DBE-4976-47A4-951B-39B5C9B8736A"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100fp_firmware:t17041702:*:*:*:*:*:*:*","matchCriteriaId":"C9487774-CE30-4C04-B296-70B3A73225C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:saho:adm-100fp_firmware:t18051803:*:*:*:*:*:*:*","matchCriteriaId":"D0E10BD2-D64F-49F9-8409-A56AC2E0FD57"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:saho:adm-100fp:-:*:*:*:*:*:*:*","matchCriteriaId":"295DF46C-15E0-47A3-8F21-A48F670C0496"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7336-35a94-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7336-35a94-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}