CVE-2023-7328

Medium CVSS: 6.9

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.

Vendor

Dbbroadcast

Product

Sft Dab 600\/c Firmware

CWE

CWE-306

Yayın Tarihi

2025-11-14 23:15:43

Güncelleme

2025-12-26 16:45:24

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-306 Sft Dab 600\/c Firmware MEDIUM Dbbroadcast 2025

Referanslar

https://packetstormsecurity.com/files/172332/ https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ https://www.exploit-db.com/exploits/51460 https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php https://www.exploit-db.com/exploits/51460 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php

Benzer Kayıtlar

Critical

CVE-2023-53967

Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the…

Critical

CVE-2023-53968

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authenti…

Critical

CVE-2023-53969

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authenti…

High

CVE-2023-53970

Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass aut…

High

CVE-2023-53776

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session manag…

High

CVE-2023-53775

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by e…