CVE-2023-53741

MEDIUM EPSS 47.1%
Published Dec 10, 20256mo ago · Modified Jun 17, 20261w ago
5.1 CVSS 4.0
Medium
Find Similar
Published Dec 10, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.

CVSS Details

Base Score
5.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
47.1% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-384

Affected Products 10

VendorProductVersionRange
dbbroadcastsft_dab_015\/c_firmware1.9.3any
dbbroadcastsft_dab_015\/c*any
dbbroadcastsft_dab_050\/c_firmware1.9.3any
dbbroadcastsft_dab_050\/c*any
dbbroadcastsft_dab_150\/c_firmware1.9.3any
dbbroadcastsft_dab_150\/c*any
dbbroadcastsft_dab_300\/c_firmware1.9.3any
dbbroadcastsft_dab_300\/c*any
dbbroadcastsft_dab_600\/c_firmware1.9.3any
dbbroadcastsft_dab_600\/c*any

References 6

  • dbbroadcast.com https://www.dbbroadcast.com
    Product
  • dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
    Product
  • exploit-db.com https://www.exploit-db.com/exploits/51457
    ExploitThird Party Advisory
  • screen.it https://www.screen.it
    Product
  • vulncheck.com https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ip-session-management
    Third Party Advisory
  • zeroscience.mk https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.