CVE-2023-53968
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-22

Last updated on: 2025-12-26

Assigner: VulnCheck

Description
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-26
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53968
EUVD
EUVD-2023-60230
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dbbroadcast sft_dab_600\/c_firmware 1.9.3
dbbroadcast sft_dab_600\/c *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can have a severe impact by allowing attackers to perform unauthorized actions such as deleting user accounts without any authentication or user interaction. This can lead to loss of user data, disruption of service, and potential compromise of system integrity. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized requests to the userManager API originating from the same IP address without proper authentication. Network traffic analysis tools can be used to identify repeated or suspicious API calls that attempt to remove user accounts. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the userManager API to trusted IP addresses, implementing additional authentication mechanisms beyond IP address session binding, and monitoring for unauthorized API requests. Updating the firmware to a version that addresses this vulnerability, if available, is also recommended. Specific mitigation commands or patches are not detailed in the provided resources. [1]

Executive Summary

CVE-2023-53968 is a critical session management vulnerability in Screen SFT DAB 600/C Firmware 1.9.3. It allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address to send unauthorized requests to the userManager API, enabling them to remove user accounts without proper authentication or privileges. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53968. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart