CVE-2023-53740

CRITICAL

Screen SFT DAB 1.9.3 - Auth Bypass

Title source: llm

Description

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · pythonremotehardware

https://www.exploit-db.com/exploits/51458

View Code ZIP pw:eip

References (6)

[Product] https://www.dbbroadcast.com

[Product] https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51458

[Product] https://www.screen.it

[Third Party Advisory] https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-change

[Third Party Advisory, Exploit] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php

Scores

CVSS v3 9.8

EPSS 0.0054

EPSS Percentile 67.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-862

Status published

Affected Products (5)

dbbroadcast/sft_dab_015\/c_firmware

dbbroadcast/sft_dab_050\/c_firmware

dbbroadcast/sft_dab_150\/c_firmware

dbbroadcast/sft_dab_300\/c_firmware

dbbroadcast/sft_dab_600\/c_firmware

Timeline

Published Dec 10, 2025

Tracked Since Feb 18, 2026