CVE-2023-53741
Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
10/12/2025
Last modified:
18/12/2025
Description
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
Impact
Base Score 4.0
5.10
Severity 4.0
MEDIUM
Base Score 3.x
8.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dbbroadcast:sft_dab_015\/c_firmware:1.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dbbroadcast:sft_dab_015\/c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dbbroadcast:sft_dab_050\/c_firmware:1.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dbbroadcast:sft_dab_050\/c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dbbroadcast:sft_dab_150\/c_firmware:1.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dbbroadcast:sft_dab_150\/c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dbbroadcast:sft_dab_300\/c_firmware:1.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dbbroadcast:sft_dab_300\/c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:1.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.dbbroadcast.com
- https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
- https://www.exploit-db.com/exploits/51457
- https://www.screen.it
- https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ip-session-management
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php