CVE-2023-7328

MEDIUM

Dbbroadcast Sft Dab 600/c Firmware < 1.9.3 - Missing Authentication

Title source: rule

Description

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/51460

View Code ZIP pw:eip

References (5)

[Third Party Advisory] https://packetstormsecurity.com/files/172332/

[Product] https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/

[Exploit] https://www.exploit-db.com/exploits/51460

[Third Party Advisory] https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php

Scores

CVSS v3 5.3

EPSS 0.0008

EPSS Percentile 23.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-306

Status published

Products (2)

dbbroadcast/sft_dab_600\/c_firmware < 1.9.3

DB Elettronica Telecomunicazioni SpA/Screen SFT DAB 600/C < 1.9.3

Published Nov 14, 2025

Tracked Since Feb 18, 2026