CVE-2023-7328

Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure

CVSS 6.9 MEDIUMEPSS 0.3%CWE-306

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 nov 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

DB Elettronica Telecomunicazioni SpA · Screen SFT DAB 600/C

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://packetstormsecurity.com/files/172332/https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/https://www.exploit-db.com/exploits/51460 https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php