CVE-2023-53775

MEDIUM

Screen SFT DAB 1.9.3 - Unauthenticated Authentication Bypass via Session Fixation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53775. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Screen SFT DAB 600/C devices by reusing a victim's IP-bound session to change user credentials via an unauthorized API call. It leverages weak session management to manipulate the transmitter's user settings.

Description

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · pythonremotehardware

https://www.exploit-db.com/exploits/51456

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Screen SFT DAB 600/C devices by reusing a victim's IP-bound session to change user credentials via an unauthorized API call. It leverages weak session management to manipulate the transmitter's user settings.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Screen SFT DAB 600/C with Firmware 1.9.3, Bios 7.1, GUI 2.46, FPGA 169.55, uc 6.15

No auth needed

Prerequisites: Network access to the target device · Victim's active session with the same IP address

MITRE ATT&CK

T1189 - Drive-by Compromise T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/51456

Product product

https://www.screen.it

Product product

https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/

Product product

https://www.dbbroadcast.com

Third Party Advisory, Exploit vendor-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5772.php

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-user-password-change

Scores

CVSS v3 6.5

EPSS 0.0043

EPSS Percentile 33.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-384

Status published

Products (2)

DB Elettronica Telecomunicazioni SpA/Screen SFT DAB Series - Compact Radio DAB Transmitter 1.9.3

dbbroadcast/sft_dab_600\/c_firmware 1.9.3

Published Dec 10, 2025

Tracked Since Feb 18, 2026