4 matches found
CVE-2023-53967 Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Admin Password Change
Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password...
CVE-2023-53967
Affected product: Screen SFT DAB 600/C firmware 1.9.3. Vulnerability: authentication bypass via POST to userManager.cgx that allows changing the admin password using a crafted MD5-hashed password. Impact: potential unauthorized admin access; confidentiality at risk. Root cause: improper authentic...
PT-2025-52704
Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description The Screen SFT DAB 600/C firmware contains a flaw that permits unauthorized modification of the administrator password without current credentials. An attacker can exploit this by sending a...
EUVD-2023-60186
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...