CVE-2023-53776

Summary

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.

Affected Software

VendorProductVersion RangeStatus
DB Elettronica Telecomunicazioni SpAScreen SFT DAB Series - Compact Radio DAB Transmitter1.9.3affected

Weaknesses

  • CWE-384: CWE-384: Session Fixation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References