CVE-2023-7328

Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure

CVSS 6.9 MEDIUMEPSS 0.3%CWE-306

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Nov 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

DB Elettronica Telecomunicazioni SpA · Screen SFT DAB 600/C

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://packetstormsecurity.com/files/172332/https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/https://www.exploit-db.com/exploits/51460 https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php