← voltar
CVE-2023-7328

Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure

CVSS 6.9 MEDIUMEPSS 0.3%CWE-306
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
DB Elettronica Telecomunicazioni SpA · Screen SFT DAB 600/C

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://packetstormsecurity.com/files/172332/https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/https://www.exploit-db.com/exploits/51460https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosurehttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php