CVE-2023-53967
BaseFortify
Publication date: 2025-12-22
Last updated on: 2025-12-26
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dbbroadcast | sft_dab_600/c_firmware | 1.9.3 |
| dbbroadcast | sft_dab_600/c | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53967 is an authentication bypass vulnerability in Screen SFT DAB 600/C firmware version 1.9.3. It allows an attacker to change the administrator password without knowing the current password by exploiting the userManager.cgx API endpoint. The attacker sends a specially crafted POST request with a new MD5-hashed password, which directly modifies the admin account's authentication data, enabling unauthorized access. [1]
How can this vulnerability impact me?
This vulnerability can have a severe impact as it allows attackers to gain unauthorized administrative access to the device by changing the admin password without credentials. This can lead to a complete compromise of the device's confidentiality, integrity, and availability, potentially allowing attackers to control the device, access sensitive information, or disrupt its operation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual POST requests to the userManager.cgx API endpoint that contain MD5-hashed passwords and attempt to change the admin password without proper authentication. Network traffic analysis tools like Wireshark or command-line tools such as tcpdump can be used to capture and inspect HTTP POST requests to this endpoint. For example, capture traffic with tcpdump using `tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'` and then filter the output for POST requests to userManager.cgx. Additionally, web server logs can be searched for POST requests to userManager.cgx with suspicious payloads. However, no specific detection commands are provided in the resources. [1]
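The log search described above, as an added example that is not part of the original page or any vendor tooling: it scans access-log lines for POST requests to userManager.cgx and reports those whose source is outside a list of trusted management ranges. The log format (Common/Combined Log Format from a proxy in front of the device), the URL path, the function name `find_suspect_posts` and the sample lines are all assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: management traffic passes a reverse proxy or gateway that logs
# in Common/Combined Log Format; the device's own log format is not on the page.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
ENDPOINT = "usermanager.cgx"  # compared case-insensitively

# Constructed sample lines (documentation address ranges, assumed URL path).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Dec/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [22/Dec/2025:10:03:40 +0000] "POST /userManager.cgx HTTP/1.1" 200 64',
    '203.0.113.77 - - [22/Dec/2025:11:15:09 +0000] "POST /userManager.cgx HTTP/1.1" 200 64',
    '203.0.113.77 - - [22/Dec/2025:11:15:30 +0000] "GET /userManager.cgx HTTP/1.1" 200 64',
    '198.51.100.5 - - [22/Dec/2025:12:00:00 +0000] "POST /USERMANAGER.CGX?x=1 HTTP/1.1" 403 0',
]

def find_suspect_posts(lines, trusted_cidrs):
    """Return (timestamp, source, target, status) for every POST to
    userManager.cgx whose source is outside trusted_cidrs."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Match on the decoded last path segment, ignoring any query string.
        path = unquote(m["target"].split("?", 1)[0]).lower()
        if path.rsplit("/", 1)[-1] != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            src = None  # hostname or malformed field: treat as untrusted
        if src is not None and any(src in net for net in trusted):
            continue
        hits.append((m["ts"], m["src"], m["target"], int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_posts(SAMPLE_LOG, ["192.0.2.0/24"]):
        print("ALERT", *hit)
```

A hit with a 2xx status is the one to triage first; a 403 from the proxy shows the access restriction is working but still records a probe.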
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the userManager.cgx API endpoint to trusted sources only, implementing network-level controls such as firewalls or access control lists to block unauthorized POST requests, and monitoring for suspicious activity targeting this endpoint. Since the vulnerability allows password changes without authentication, it is critical to apply any available firmware updates or patches from the vendor that address this issue. If patches are not yet available, consider disabling or restricting access to the vulnerable API endpoint until a fix is applied. [1]