Search criteria
8 vulnerabilities found for Screen SFT DAB Series - Compact Radio DAB Transmitter by DB Elettronica Telecomunicazioni SpA
CVE-2023-53776 (GCVE-0-2023-53776)
Vulnerability from nvd – Published: 2025-12-10 21:12 – Updated: 2025-12-11 18:52
Title
Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness
Summary
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| DB Elettronica Telecomunicazioni SpA | Screen SFT DAB Series - Compact Radio DAB Transmitter | Affected: 1.9.3 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53776",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:51:19.178152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:05.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5775.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Screen SFT DAB Series - Compact Radio DAB Transmitter",
"vendor": "DB Elettronica Telecomunicazioni SpA",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eScreen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.\u003c/p\u003e"
}
],
"value": "Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:12:22.042Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51459",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51459"
},
{
"name": "Product Homepage",
"tags": [
"product"
],
"url": "https://www.screen.it"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com"
},
{
"name": "Product Homepage",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/"
},
{
"name": "Vendor Advisory URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5775.php"
},
{
"name": "VulnCheck Advisory: Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-session-management-weakness"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53776",
"datePublished": "2025-12-10T21:12:22.042Z",
"dateReserved": "2025-12-08T23:43:00.993Z",
"dateUpdated": "2025-12-11T18:52:05.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53775 (GCVE-0-2023-53775)
Vulnerability from nvd – Published: 2025-12-10 21:08 – Updated: 2025-12-11 18:52
Title
Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness
Summary
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| DB Elettronica Telecomunicazioni SpA | Screen SFT DAB Series - Compact Radio DAB Transmitter | Affected: 1.9.3 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53775",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:51:37.611257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:11.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5772.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Screen SFT DAB Series - Compact Radio DAB Transmitter",
"vendor": "DB Elettronica Telecomunicazioni SpA",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eScreen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.\u003c/p\u003e"
}
],
"value": "Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:08:11.707Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51456",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51456"
},
{
"name": "Screen Product Homepage",
"tags": [
"product"
],
"url": "https://www.screen.it"
},
{
"name": "DB Broadcast Official Product Page",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/"
},
{
"name": "DB Broadcast Website",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com"
},
{
"name": "Zero Science Advisory URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5772.php"
},
{
"name": "VulnCheck Advisory: Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-user-password-change"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53775",
"datePublished": "2025-12-10T21:08:11.707Z",
"dateReserved": "2025-12-08T23:43:00.992Z",
"dateUpdated": "2025-12-11T18:52:11.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53741 (GCVE-0-2023-53741)
Vulnerability from nvd – Published: 2025-12-10 21:06 – Updated: 2025-12-18 20:14
Title
Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management
Summary
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| DB Elettronica Telecomunicazioni SpA | Screen SFT DAB Series - Compact Radio DAB Transmitter | Affected: 1.9.3 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53741",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:51:54.759556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:17.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Screen SFT DAB Series - Compact Radio DAB Transmitter",
"vendor": "DB Elettronica Telecomunicazioni SpA",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eScreen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.\u003c/p\u003e"
}
],
"value": "Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T20:14:50.852Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51457",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51457"
},
{
"name": "Product Homepage",
"tags": [
"product"
],
"url": "https://www.screen.it"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/"
},
{
"name": "Vendor Homepage",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.dbbroadcast.com"
},
{
"name": "Vendor Security Advisory for ZSL-2023-5773",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php"
},
{
"name": "VulnCheck Advisory: Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ip-session-management"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53741",
"datePublished": "2025-12-10T21:06:59.907Z",
"dateReserved": "2025-12-07T13:16:38.432Z",
"dateUpdated": "2025-12-18T20:14:50.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53740 (GCVE-0-2023-53740)
Vulnerability from nvd – Published: 2025-12-10 21:06 – Updated: 2025-12-11 18:52
Title
Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change
Summary
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| DB Elettronica Telecomunicazioni SpA | Screen SFT DAB Series - Compact Radio DAB Transmitter | Affected: 1.9.3 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53740",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:52:11.630383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:23.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Screen SFT DAB Series - Compact Radio DAB Transmitter",
"vendor": "DB Elettronica Telecomunicazioni SpA",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eScreen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.\u003c/p\u003e"
}
],
"value": "Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:06:29.286Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51458",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51458"
},
{
"name": "Product Homepage",
"tags": [
"product"
],
"url": "https://www.screen.it"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/"
},
{
"name": "Vendor Homepage",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.dbbroadcast.com"
},
{
"name": "Advisory URL",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php"
},
{
"name": "VulnCheck Advisory: Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-change"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53740",
"datePublished": "2025-12-10T21:06:29.286Z",
"dateReserved": "2025-12-07T13:16:38.432Z",
"dateUpdated": "2025-12-11T18:52:23.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53776 (GCVE-0-2023-53776)
Vulnerability from cvelistv5 – Published: 2025-12-10 21:12 – Updated: 2025-12-11 18:52
Title
Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness
Summary
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| DB Elettronica Telecomunicazioni SpA | Screen SFT DAB Series - Compact Radio DAB Transmitter | Affected: 1.9.3 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53776",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:51:19.178152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:05.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5775.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Screen SFT DAB Series - Compact Radio DAB Transmitter",
"vendor": "DB Elettronica Telecomunicazioni SpA",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eScreen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.\u003c/p\u003e"
}
],
"value": "Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:12:22.042Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51459",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51459"
},
{
"name": "Product Homepage",
"tags": [
"product"
],
"url": "https://www.screen.it"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com"
},
{
"name": "Product Homepage",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/"
},
{
"name": "Vendor Advisory URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5775.php"
},
{
"name": "VulnCheck Advisory: Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-session-management-weakness"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53776",
"datePublished": "2025-12-10T21:12:22.042Z",
"dateReserved": "2025-12-08T23:43:00.993Z",
"dateUpdated": "2025-12-11T18:52:05.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53775 (GCVE-0-2023-53775)
Vulnerability from cvelistv5 – Published: 2025-12-10 21:08 – Updated: 2025-12-11 18:52
Title
Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness
Summary
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.
Severity ?
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| DB Elettronica Telecomunicazioni SpA | Screen SFT DAB Series - Compact Radio DAB Transmitter | Affected: 1.9.3 |
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53775",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:51:37.611257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:11.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5772.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Screen SFT DAB Series - Compact Radio DAB Transmitter",
"vendor": "DB Elettronica Telecomunicazioni SpA",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eScreen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.\u003c/p\u003e"
}
],
"value": "Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:08:11.707Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51456",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51456"
},
{
"name": "Screen Product Homepage",
"tags": [
"product"
],
"url": "https://www.screen.it"
},
{
"name": "DB Broadcast Official Product Page",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/"
},
{
"name": "DB Broadcast Website",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com"
},
{
"name": "Zero Science Advisory URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5772.php"
},
{
"name": "VulnCheck Advisory: Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-user-password-change"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53775",
"datePublished": "2025-12-10T21:08:11.707Z",
"dateReserved": "2025-12-08T23:43:00.992Z",
"dateUpdated": "2025-12-11T18:52:11.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53741 (GCVE-0-2023-53741)
Vulnerability from cvelistv5 – Published: 2025-12-10 21:06 – Updated: 2025-12-18 20:14
Title
Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management
Summary
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
Severity
5.1 MEDIUM (CVSS v4.0) – CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
CWE
- CWE-384 - Session Fixation
Assigner
VulnCheck
References
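| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51457 | exploit |
| https://www.screen.it | product |
| https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ | product |
| https://www.dbbroadcast.com | vendor-advisory, vdb-entry |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php | vendor-advisory, vdb-entry, exploit |
| https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ip-session-management | third-party-advisory |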
Impacted products
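| Vendor | Product | Version |
|---|---|---|
| DB Elettronica Telecomunicazioni SpA | Screen SFT DAB Series - Compact Radio DAB Transmitter | Affected: 1.9.3 |

Only version 1.9.3 is listed as affected, and the record references no fixed firmware release; until the vendor confirms a fix, limit access to the transmitter's management interface to trusted hosts.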
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53741",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:51:54.759556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:17.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Screen SFT DAB Series - Compact Radio DAB Transmitter",
"vendor": "DB Elettronica Telecomunicazioni SpA",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eScreen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.\u003c/p\u003e"
}
],
"value": "Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T20:14:50.852Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51457",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51457"
},
{
"name": "Product Homepage",
"tags": [
"product"
],
"url": "https://www.screen.it"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/"
},
{
"name": "Vendor Homepage",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.dbbroadcast.com"
},
{
"name": "Vendor Security Advisory for ZSL-2023-5773",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php"
},
{
"name": "VulnCheck Advisory: Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ip-session-management"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53741",
"datePublished": "2025-12-10T21:06:59.907Z",
"dateReserved": "2025-12-07T13:16:38.432Z",
"dateUpdated": "2025-12-18T20:14:50.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53740 (GCVE-0-2023-53740)
Vulnerability from cvelistv5 – Published: 2025-12-10 21:06 – Updated: 2025-12-11 18:52
Title
Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change
Summary
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.
Severity
8.6 HIGH (CVSS v4.0) – CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CWE
- CWE-862 - Missing Authorization
Assigner
VulnCheck
References
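| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51458 | exploit |
| https://www.screen.it | product |
| https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ | product |
| https://www.dbbroadcast.com | vendor-advisory, vdb-entry |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php | vendor-advisory, vdb-entry, exploit |
| https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-change | third-party-advisory |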
Impacted products
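| Vendor | Product | Version |
|---|---|---|
| DB Elettronica Telecomunicazioni SpA | Screen SFT DAB Series - Compact Radio DAB Transmitter | Affected: 1.9.3 |

Only version 1.9.3 is listed as affected, and the record references no fixed firmware release; until the vendor confirms a fix, limit access to the transmitter's management interface to trusted hosts and review the device's user accounts for unexpected changes.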
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53740",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:52:11.630383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T18:52:23.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Screen SFT DAB Series - Compact Radio DAB Transmitter",
"vendor": "DB Elettronica Telecomunicazioni SpA",
"versions": [
{
"status": "affected",
"version": "1.9.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eScreen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.\u003c/p\u003e"
}
],
"value": "Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:06:29.286Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51458",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51458"
},
{
"name": "Product Homepage",
"tags": [
"product"
],
"url": "https://www.screen.it"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/"
},
{
"name": "Vendor Homepage",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.dbbroadcast.com"
},
{
"name": "Advisory URL",
"tags": [
"vendor-advisory",
"vdb-entry"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php"
},
{
"name": "VulnCheck Advisory: Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-change"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53740",
"datePublished": "2025-12-10T21:06:29.286Z",
"dateReserved": "2025-12-07T13:16:38.432Z",
"dateUpdated": "2025-12-11T18:52:23.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}