Vulnerability Description
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dbbroadcast | Sft Dab 600\/C Firmware | <= 1.9.3 |
| Dbbroadcast | Sft Dab 600\/C | - |
Related Weaknesses (CWE)
References
- https://packetstormsecurity.com/files/172332/Third Party Advisory
- https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/Product
- https://www.exploit-db.com/exploits/51460Exploit
- https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-informaThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.phpExploitThird Party Advisory
- https://www.exploit-db.com/exploits/51460Exploit
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.phpExploitThird Party Advisory
FAQ
What is CVE-2023-7328?
CVE-2023-7328 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, includi...
How severe is CVE-2023-7328?
CVE-2023-7328 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-7328?
Check the references section above for vendor advisories and patch information. Affected products include: Dbbroadcast Sft Dab 600\/C Firmware, Dbbroadcast Sft Dab 600\/C.