Vulnerability Description
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dbbroadcast | Sft Dab 015\/C Firmware | 1.9.3 |
| Dbbroadcast | Sft Dab 015\/C | - |
| Dbbroadcast | Sft Dab 050\/C Firmware | 1.9.3 |
| Dbbroadcast | Sft Dab 050\/C | - |
| Dbbroadcast | Sft Dab 150\/C Firmware | 1.9.3 |
| Dbbroadcast | Sft Dab 150\/C | - |
| Dbbroadcast | Sft Dab 300\/C Firmware | 1.9.3 |
| Dbbroadcast | Sft Dab 300\/C | - |
| Dbbroadcast | Sft Dab 600\/C Firmware | 1.9.3 |
| Dbbroadcast | Sft Dab 600\/C | - |
Related Weaknesses (CWE)
References
- https://www.dbbroadcast.comProduct
- https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/Product
- https://www.exploit-db.com/exploits/51457ExploitThird Party Advisory
- https://www.screen.itProduct
- https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ipThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.phpThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.phpThird Party Advisory
FAQ
What is CVE-2023-53741?
CVE-2023-53741 is a vulnerability with a CVSS score of 8.1 (HIGH). Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the...
How severe is CVE-2023-53741?
CVE-2023-53741 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53741?
Check the references section above for vendor advisories and patch information. Affected products include: Dbbroadcast Sft Dab 015\/C Firmware, Dbbroadcast Sft Dab 015\/C, Dbbroadcast Sft Dab 050\/C Firmware, Dbbroadcast Sft Dab 050\/C, Dbbroadcast Sft Dab 150\/C Firmware.