Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.
History

Wed, 17 Dec 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Dbbroadcast sft Dab 015/c
Dbbroadcast sft Dab 015/c Firmware
Dbbroadcast sft Dab 050/c
Dbbroadcast sft Dab 050/c Firmware
Dbbroadcast sft Dab 150/c
Dbbroadcast sft Dab 150/c Firmware
Dbbroadcast sft Dab 300/c
Dbbroadcast sft Dab 300/c Firmware
Dbbroadcast sft Dab 600/c
Dbbroadcast sft Dab 600/c Firmware
CPEs cpe:2.3:h:dbbroadcast:sft_dab_015\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_050\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_150\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_300\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_015\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_050\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_150\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_300\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:1.9.3:*:*:*:*:*:*:*
Vendors & Products Dbbroadcast sft Dab 015/c
Dbbroadcast sft Dab 015/c Firmware
Dbbroadcast sft Dab 050/c
Dbbroadcast sft Dab 050/c Firmware
Dbbroadcast sft Dab 150/c
Dbbroadcast sft Dab 150/c Firmware
Dbbroadcast sft Dab 300/c
Dbbroadcast sft Dab 300/c Firmware
Dbbroadcast sft Dab 600/c
Dbbroadcast sft Dab 600/c Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 11 Dec 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Dec 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Dbbroadcast
Dbbroadcast sft Dab Series
Vendors & Products Dbbroadcast
Dbbroadcast sft Dab Series

Wed, 10 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.
Title Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change
Weaknesses CWE-862
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-12-11T18:52:23.204Z

Reserved: 2025-12-07T13:16:38.432Z

Link: CVE-2023-53740

Vulnrichment

Updated: 2025-12-11T15:52:17.156Z

NVD

Status: Analyzed

Published: 2025-12-10T21:16:03.233

Modified: 2025-12-17T18:59:09.727

Link: CVE-2023-53740

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-11T16:20:15Z