CVE-2023-7328

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://packetstormsecurity.com/files/172332/
https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
https://www.exploit-db.com/exploits/51460
https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php