CVE-2023-53741
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-18
Assigner: VulnCheck
Description
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dbbroadcast | sft_dab_015\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_015\/c | * |
| dbbroadcast | sft_dab_050\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_050\/c | * |
| dbbroadcast | sft_dab_150\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_150\/c | * |
| dbbroadcast | sft_dab_300\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_300\/c | * |
| dbbroadcast | sft_dab_600\/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_600\/c | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |