← voltar
CVE-2023-53740

Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change

CVSS 8.6 HIGHEPSS 0.8%CWE-862
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.6EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
10 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Produtos afetados
DB Elettronica Telecomunicazioni SpA · Screen SFT DAB Series - Compact Radio DAB Transmitter

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.dbbroadcast.comhttps://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/https://www.exploit-db.com/exploits/51458https://www.screen.ithttps://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-changehttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php