CVE-2023-53741

EUVD-2023-60185
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
dbbroadcastsft_dab_015\/c_firmware
1.9.3
dbbroadcastsft_dab_050\/c_firmware
1.9.3
dbbroadcastsft_dab_150\/c_firmware
1.9.3
dbbroadcastsft_dab_300\/c_firmware
1.9.3
dbbroadcastsft_dab_600\/c_firmware
1.9.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dbbroadcast.com
https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
https://www.exploit-db.com/exploits/51457
https://www.screen.it
https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ip-session-management
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php