CVE-2023-53969
HIGH
Screen SFT DAB 600/C firmware <1.9.3 - Auth Bypass
Title source: llmDescription
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication.
Exploits (1)
exploitdb
WORKING POC
by LiquidWorm · python · remote · hardware
https://www.exploit-db.com/exploits/51456
References (5)
Scores
CVSS v3
7.5
EPSS
0.0042
EPSS Percentile
61.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (1)
dbbroadcast/sft_dab_600\/c_firmware
1.9.3
Published
Dec 22, 2025
Tracked Since
Feb 18, 2026