Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00266.

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Dbbroadcast
  • Sft Dab 015\/c
  • Sft Dab 015\/c Firmware
  • Sft Dab 050\/c
  • Sft Dab 050\/c Firmware
  • Sft Dab 150\/c
  • Sft Dab 150\/c Firmware
  • Sft Dab 300\/c
  • Sft Dab 300\/c Firmware
  • Sft Dab 600\/c
  • Sft Dab 600\/c Firmware
  • Sft Dab Series

Configuration 1 [-]

AND
cpe:2.3:o:dbbroadcast:sft_dab_015\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_015\/c:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:dbbroadcast:sft_dab_050\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_050\/c:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:dbbroadcast:sft_dab_150\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_150\/c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:dbbroadcast:sft_dab_300\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_300\/c:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Dbbroadcast
  • Sft Dab Series
References
Link Providers
https://www.dbbroadcast.com cve-icon cve-icon
https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ cve-icon cve-icon
https://www.exploit-db.com/exploits/51457 cve-icon cve-icon
https://www.screen.it cve-icon cve-icon
https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ip-session-management cve-icon cve-icon
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php cve-icon cve-icon cve-icon
History

Thu, 18 Dec 2025 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}

 cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}

Wed, 17 Dec 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Dbbroadcast sft Dab 015\/c
Dbbroadcast sft Dab 015\/c Firmware
Dbbroadcast sft Dab 050\/c
Dbbroadcast sft Dab 050\/c Firmware
Dbbroadcast sft Dab 150\/c
Dbbroadcast sft Dab 150\/c Firmware
Dbbroadcast sft Dab 300\/c
Dbbroadcast sft Dab 300\/c Firmware
Dbbroadcast sft Dab 600\/c
Dbbroadcast sft Dab 600\/c Firmware
CPEs cpe:2.3:h:dbbroadcast:sft_dab_015\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_050\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_150\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_300\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_015\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_050\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_150\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_300\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:1.9.3:*:*:*:*:*:*:*
Vendors & Products Dbbroadcast sft Dab 015\/c
Dbbroadcast sft Dab 015\/c Firmware
Dbbroadcast sft Dab 050\/c
Dbbroadcast sft Dab 050\/c Firmware
Dbbroadcast sft Dab 150\/c
Dbbroadcast sft Dab 150\/c Firmware
Dbbroadcast sft Dab 300\/c
Dbbroadcast sft Dab 300\/c Firmware
Dbbroadcast sft Dab 600\/c
Dbbroadcast sft Dab 600\/c Firmware
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

Thu, 11 Dec 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Dec 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Dbbroadcast
Dbbroadcast sft Dab Series
Vendors & Products Dbbroadcast
Dbbroadcast sft Dab Series

Wed, 10 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
Title Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management
Weaknesses CWE-384
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-12-18T20:14:50.852Z

Reserved: 2025-12-07T13:16:38.432Z

Link: CVE-2023-53741

cve-icon Vulnrichment

Updated: 2025-12-11T15:52:00.860Z

cve-icon NVD

Status : Modified

Published: 2025-12-10T21:16:03.420

Modified: 2025-12-18T21:15:50.460

Link: CVE-2023-53741

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-12-11T16:20:14Z