Vulnerability Details CVE-2023-7328
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.9%
CVSS Severity
CVSS v3 Score 5.3
References
- https://packetstormsecurity.com/files/172332/
- https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
- https://www.exploit-db.com/exploits/51460
- https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php
- https://www.exploit-db.com/exploits/51460
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php
Products affected by CVE-2023-7328
-
cpe:2.3:h:dbbroadcast:sft_dab_600/c:-
-
cpe:2.3:o:dbbroadcast:sft_dab_600/c_firmware:1.9.3