CVE-2023-53740

HIGH EPSS 52.2%
Published Dec 10, 20256mo ago · Modified Jun 17, 20261w ago
8.6 CVSS 4.0
High
Find Similar
Published Dec 10, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.

CVSS Details

Base Score
8.6
Exploitability
Impact
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
52.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 10

VendorProductVersionRange
dbbroadcastsft_dab_015\/c_firmware1.9.3any
dbbroadcastsft_dab_015\/c*any
dbbroadcastsft_dab_050\/c_firmware1.9.3any
dbbroadcastsft_dab_050\/c*any
dbbroadcastsft_dab_150\/c_firmware1.9.3any
dbbroadcastsft_dab_150\/c*any
dbbroadcastsft_dab_300\/c_firmware1.9.3any
dbbroadcastsft_dab_300\/c*any
dbbroadcastsft_dab_600\/c_firmware1.9.3any
dbbroadcastsft_dab_600\/c*any

References 6

  • dbbroadcast.com https://www.dbbroadcast.com
    Product
  • dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
    Product
  • exploit-db.com https://www.exploit-db.com/exploits/51458
    ExploitThird Party Advisory
  • screen.it https://www.screen.it
    Product
  • vulncheck.com https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-change
    Third Party Advisory
  • zeroscience.mk https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.