Описание
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-53775
- https://www.dbbroadcast.com
- https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air
- https://www.exploit-db.com/exploits/51456
- https://www.screen.it
- https://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-user-password-change
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5772.php
Связанные уязвимости
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.