CVE-2023-7328

MEDIUM

Dbbroadcast Sft Dab 600/c Firmware < 1.9.3 - Missing Authentication

Title source: rule

Description

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/51460

View Code ZIP pw:eip

References (5)

[Third Party Advisory] https://packetstormsecurity.com/files/172332/

[Product] https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/

[Exploit] https://www.exploit-db.com/exploits/51460

[Third Party Advisory] https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php

Scores

CVSS v3 5.3

EPSS 0.0006

EPSS Percentile 19.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-306

Status published

Affected Products (1)

dbbroadcast/sft_dab_600\/c_firmware < 1.9.3

Timeline

Published Nov 14, 2025

Tracked Since Feb 18, 2026