CVE-2023-53741

HIGH

Screen SFT DAB Series - Compact Radio DAB Transmitter 1.9.3 - Authentication Bypass via IP Session Reuse

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53741. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Screen SFT DAB 600/C devices by reusing a victim's IP-bound session to delete a user account via an unauthorized API call.

Description

Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · pythonremotehardware

https://www.exploit-db.com/exploits/51457

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Screen SFT DAB 600/C devices by reusing a victim's IP-bound session to delete a user account via an unauthorized API call.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Screen SFT DAB 600/C (Firmware 1.9.3, Bios 7.1, GUI 2.46)

No auth needed

Prerequisites: Network access to the target device · Victim's active session with the same IP

MITRE ATT&CK

T1189 - Drive-by Compromise T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/51457

Product product

https://www.screen.it

Product product

https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/

Product vendor-advisory vdb-entry

https://www.dbbroadcast.com

Third Party Advisory vendor-advisory vdb-entry

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5773.php

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-ip-session-management

Scores

CVSS v3 8.1

EPSS 0.0066

EPSS Percentile 46.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-384

Status published

Products (6)

DB Elettronica Telecomunicazioni SpA/Screen SFT DAB Series - Compact Radio DAB Transmitter 1.9.3

dbbroadcast/sft_dab_015\/c_firmware 1.9.3

dbbroadcast/sft_dab_050\/c_firmware 1.9.3

dbbroadcast/sft_dab_150\/c_firmware 1.9.3

dbbroadcast/sft_dab_300\/c_firmware 1.9.3

dbbroadcast/sft_dab_600\/c_firmware 1.9.3

Published Dec 10, 2025

Tracked Since Feb 18, 2026