Description

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control flaw in the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP addresses and timeout values.

Status: PUBLISHED | Reserved 2025-11-12 | Published 2025-11-14 | Updated 2025-11-18 | Assigner VulnCheck

MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status: unknown

Any version: affected

Timeline

2023-05-13: ZSL-2023-5776 is publicly disclosed.

Credits

Gjoko Krstic of Zero Science Lab (finder)

References

www.exploit-db.com/exploits/51460 exploit

www.dbbroadcast.com/...cts/radio/sft-dab-series-compact-air/ product

www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php technical-description exploit

packetstormsecurity.com/files/172332/ exploit

www.vulncheck.com/...-unauthenticated-information-disclosure third-party-advisory

cve.org (CVE-2023-7328)

nvd.nist.gov (CVE-2023-7328)