49 matches found
EUVD-2023-60230
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...
CVE-2023-53969
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...
CVE-2023-53969
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords...
CVE-2023-53968
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...
CVE-2023-53968
Affected product: Screen SFT DAB 600/C firmware 1.9.3. Vulnerability: session management flaw that binds sessions to IP addresses, enabling authentication bypass. An attacker can reuse the same IP to issue unauthorized requests to the userManager API and remove user accounts without proper authen...
DB Elettronica Screen SFT DAB 600/C 访问控制错误漏洞
The DB Elettronica Screen SFT DAB 600/C is a digital audio broadcast transmitter from DB Elettronica, Italy. An access control error vulnerability exists in the DB Elettronica Screen SFT DAB 600/C version 1.9.3, which stems from the fact that improper session management could result in a password...
PT-2025-52705
Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description Screen SFT DAB 600/C Firmware version 1.9.3 contains a session management issue that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reus...
PT-2025-52704
Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description The Screen SFT DAB 600/C firmware contains a flaw that permits unauthorized modification of the administrator password without current credentials. An attacker can exploit this by sending a...
CVE-2023-53775
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials...
CVE-2023-53740
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...
CVE-2023-53776
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform...
CVE-2023-53775
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials...
CVE-2023-53775
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials...
CVE-2023-53740
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...
CVE-2023-53741
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without...
CVE-2023-53776
CVE-2023-53776 affects Screen SFT DAB 1.9.3, describing an authentication bypass caused by weak session management and reuse of IP-bound session identifiers. This enables attackers to issue unauthorized requests to the device management API and perform critical operations on the transmitter. The ...
CVE-2023-53775
Screen SFT DAB 1.9.3 contains an authentication bypass due to weak session management, enabling reuse of IP-bound session identifiers to issue unauthorized requests to the userManager API and change user credentials. Concrete details from PT-2025-50526: affected version 1.9.3; attack involves byp...
CVE-2023-53775 Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials...
CVE-2023-53741 Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without...
CVE-2023-53741
Screen SFT DAB 1.9.3 is affected by a weak session management vulnerability that allows an attacker to bypass authentication by reusing IP-address-bound session identifiers. The issue enables exploitation of the vulnerable API by intercepting and reusing established sessions to remove user accoun...