CVE-2023-53740
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-17
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dbbroadcast | sft_dab_015\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_015\/c | * |
| dbbroadcast | sft_dab_050\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_050\/c | * |
| dbbroadcast | sft_dab_150\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_150\/c | * |
| dbbroadcast | sft_dab_300\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_300\/c | * |
| dbbroadcast | sft_dab_600\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_600\/c | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass in Screen SFT DAB 1.9.3 that allows attackers to change the admin password without knowing the current password. By exploiting the userManager.cgx endpoint with a specially crafted JSON request containing a new MD5-hashed password, an attacker can directly modify the admin account credentials.
How can this vulnerability impact me?
This vulnerability can allow an attacker to gain unauthorized administrative access by changing the admin password without authentication. This could lead to full control over the affected system, unauthorized changes, data breaches, and potential disruption of services.