CVE-2023-53776

EUVD-2023-60183
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
dbbroadcastsft_dab_600\/c_firmware
1.9.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dbbroadcast.com
https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
https://www.exploit-db.com/exploits/51459
https://www.screen.it
https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-session-management-weakness
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5775.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5775.php