← back
CVE-2023-7328

Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure

CVSS 6.9 MEDIUMEPSS 0.3%CWE-306
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
DB Elettronica Telecomunicazioni SpA · Screen SFT DAB 600/C

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://packetstormsecurity.com/files/172332/https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/https://www.exploit-db.com/exploits/51460https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosurehttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php