Detections
Analytics

CVE-2023-53968

critical

Description

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php

https://www.vulncheck.com/advisories/screen-sft-dab-c-firmware-authentication-bypass-erase-account

https://www.exploit-db.com/exploits/51457

https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/

https://www.dbbroadcast.com

Details

Source: Mitre, NVD

Published: 2025-12-22

Updated: 2025-12-26

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00084