Описание
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-7328
- https://packetstormsecurity.com/files/172332
- https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air
- https://www.exploit-db.com/exploits/51460
- https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php
Связанные уязвимости
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.