ГлавнаяУязвимости → CVE-2023-53740
9.8критическая

CVE-2023-53740

Описание

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.

Затрагиваемое ПО
Dbbroadcast Sft dab 015\/c firmwareDbbroadcast Sft dab 015\/cDbbroadcast Sft dab 050\/c firmwareDbbroadcast Sft dab 050\/cDbbroadcast Sft dab 150\/c firmwareDbbroadcast Sft dab 150\/cDbbroadcast Sft dab 300\/c firmwareDbbroadcast Sft dab 300\/cDbbroadcast Sft dab 600\/c firmwareDbbroadcast Sft dab 600\/c
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.dbbroadcast.comhttps://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/https://www.exploit-db.com/exploits/51458https://www.screen.ithttps://www.vulncheck.com/advisories/screen-sft-dab-authentication-bypass-via-admin-password-changehttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.phphttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5774.php