CVE-2023-53740

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-53740
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.dbbroadcast.com Product
https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ Product
https://www.exploit-db.com/exploits/51458 Exploit Third Party Advisory
https://www.screen.it Product
https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-change Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php Third Party Advisory Exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php Third Party Advisory Exploit
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dbbroadcast:sft_dab_015\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_015\/c:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dbbroadcast:sft_dab_050\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_050\/c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dbbroadcast:sft_dab_150\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_150\/c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dbbroadcast:sft_dab_300\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_300\/c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:*
History

17 Dec 2025, 18:59

Type Values Removed Values Added
CPE cpe:2.3:o:dbbroadcast:sft_dab_150\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_050\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_015\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_300\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_050\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_150\/c:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_015\/c:-:*:*:*:*:*:*:*
cpe:2.3:o:dbbroadcast:sft_dab_300\/c_firmware:1.9.3:*:*:*:*:*:*:*
References () https://www.dbbroadcast.com - () https://www.dbbroadcast.com - Product
References () https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ - () https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ - Product
References () https://www.exploit-db.com/exploits/51458 - () https://www.exploit-db.com/exploits/51458 - Exploit, Third Party Advisory
References () https://www.screen.it - () https://www.screen.it - Product
References () https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-change - () https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-change - Third Party Advisory
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php - Third Party Advisory, Exploit
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
First Time Dbbroadcast sft Dab 050\/c
Dbbroadcast sft Dab 015\/c
Dbbroadcast
Dbbroadcast sft Dab 600\/c
Dbbroadcast sft Dab 600\/c Firmware
Dbbroadcast sft Dab 150\/c Firmware
Dbbroadcast sft Dab 050\/c Firmware
Dbbroadcast sft Dab 300\/c Firmware
Dbbroadcast sft Dab 150\/c
Dbbroadcast sft Dab 015\/c Firmware
Dbbroadcast sft Dab 300\/c

11 Dec 2025, 19:15

Type Values Removed Values Added
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php -

10 Dec 2025, 21:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-10 21:16

Updated : 2025-12-17 18:59

NVD link : CVE-2023-53740

Mitre link : CVE-2023-53740

CVE.ORG link : CVE-2023-53740

JSON object : View

Products Affected

dbbroadcast

  • sft_dab_600\/c
  • sft_dab_300\/c_firmware
  • sft_dab_015\/c
  • sft_dab_600\/c_firmware
  • sft_dab_050\/c_firmware
  • sft_dab_300\/c
  • sft_dab_150\/c
  • sft_dab_150\/c_firmware
  • sft_dab_050\/c
  • sft_dab_015\/c_firmware
CWE
CWE-862

Missing Authorization