Vulnerability Details CVE-2023-53741
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.8%
CVSS Severity
CVSS v3 Score 8.1
References
- https://www.dbbroadcast.com
- https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
- https://www.exploit-db.com/exploits/51457
- https://www.screen.it
- https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ip-session-management
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php
Products affected by CVE-2023-53741
-
cpe:2.3:h:dbbroadcast:sft_dab_015/c:-
-
cpe:2.3:h:dbbroadcast:sft_dab_050/c:-
-
cpe:2.3:h:dbbroadcast:sft_dab_150/c:-
-
cpe:2.3:h:dbbroadcast:sft_dab_300/c:-
-
cpe:2.3:h:dbbroadcast:sft_dab_600/c:-
-
cpe:2.3:o:dbbroadcast:sft_dab_015/c_firmware:1.9.3
-
cpe:2.3:o:dbbroadcast:sft_dab_050/c_firmware:1.9.3
-
cpe:2.3:o:dbbroadcast:sft_dab_150/c_firmware:1.9.3
-
cpe:2.3:o:dbbroadcast:sft_dab_300/c_firmware:1.9.3
-
cpe:2.3:o:dbbroadcast:sft_dab_600/c_firmware:1.9.3