CVE-2023-53969

Critical CVSS: 9.3

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication.

Vendor

Dbbroadcast

Product

Sft Dab 600\/c Firmware

CWE

CWE-306

Yayın Tarihi

2025-12-22 22:16:01

Güncelleme

2025-12-26 16:50:55

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-306 Sft Dab 600\/c Firmware CRITICAL Dbbroadcast 2025

Referanslar

https://www.dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ https://www.exploit-db.com/exploits/51456 https://www.vulncheck.com/advisories/screen-sft-dab-c-firmware-authentication-bypass-password-change https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5772.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5772.php

Benzer Kayıtlar

Critical

CVE-2023-53967

Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the…

Critical

CVE-2023-53968

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authenti…

High

CVE-2023-53970

Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass aut…

High

CVE-2023-53776

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session manag…

High

CVE-2023-53775

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by e…

High

CVE-2023-53740

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password…