CVE-2023-7328

Exploit

EPSS 0.06%
Veröffentlicht 14.11.2025 22:51:05
Zuletzt bearbeitet 26.12.2025 16:45:24
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dbbroadcast ≫ Sft Dab 600/c Firmware Version <= 1.9.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.202

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
disclosure@vulncheck.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.exploit-db.com/exploits/51460

Exploit

https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/

Product

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php

Third Party Advisory

Exploit

https://packetstormsecurity.com/files/172332/

Third Party Advisory

https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-7328