CVE-2023-53970

EUVD-2023-60232
Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheckCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
dbbroadcastsft_dab_600\/c_firmware
1.9.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dbbroadcast.com
https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
https://www.exploit-db.com/exploits/51459
https://www.vulncheck.com/advisories/screen-sft-dab-c-firmware-authentication-bypass-reset-board-config
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5775.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5775.php