Описание
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
Ссылки
- Product
- Product
- ExploitThird Party Advisory
- Product
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:dbbroadcast:sft_dab_015\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_015\/c:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:dbbroadcast:sft_dab_050\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_050\/c:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:dbbroadcast:sft_dab_150\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_150\/c:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:dbbroadcast:sft_dab_300\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_300\/c:-:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00456
Низкий
8.1 High
CVSS3
Дефекты
CWE-384
CWE-384
Связанные уязвимости
CVSS3: 8.1
github
около 2 месяцев назад
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
EPSS
Процентиль: 63%
0.00456
Низкий
8.1 High
CVSS3
Дефекты
CWE-384
CWE-384