CVE-2023-53969

critical

Description

Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication.

References

https://www.vulncheck.com/advisories/screen-sft-dab-c-firmware-authentication-bypass-password-change

https://www.exploit-db.com/exploits/51456

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5772.php

https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/

https://www.dbbroadcast.com

Details

Source: Mitre, NVD

Published: 2025-12-22

Updated: 2025-12-26

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00061