← Volver a CVEs

CVE-2023-53968

CRITICAL

9.8

Descripcion

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado12/22/2025

Ultima modificacion12/26/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

dbbroadcast:sft_dab_600\/cdbbroadcast:sft_dab_600\/c_firmware

Debilidades (CWE)

CWE-306

Referencias

https://www.dbbroadcast.com(disclosure@vulncheck.com)

https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/(disclosure@vulncheck.com)

https://www.exploit-db.com/exploits/51457(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/screen-sft-dab-c-firmware-authentication-bypass-erase-account(disclosure@vulncheck.com)

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php(disclosure@vulncheck.com)

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.