PT-2023-24447 · Db Elettronica Telecomunicazioni Spa · Sft Dab 600/C Uc+4
Gjoko Krstic · Published 2023-06-06 · Updated 2024-02-16 · CVE-2023-33684
CVSS v3.1: 5.7 (Medium)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware version 1.9.3
DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Bios firmware version 7.1
DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Gui version 2.46
DB Elettronica Telecomunicazioni SpA SFT DAB 600/C FPGA version 169.55
DB Elettronica Telecomunicazioni SpA SFT DAB 600/C uc version 6.15
Description
Due to weak session management, an attacker on the same network can bypass authentication by re-using the IP address assigned to the device by the NAT protocol.
Recommendations
For DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware version 1.9.3, consider restricting access to the device until a patch is available.
For DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Bios firmware version 7.1, restrict access to the device until a patch is available.
For DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Gui version 2.46, restrict access to the device until a patch is available.
For DB Elettronica Telecomunicazioni SpA SFT DAB 600/C FPGA version 169.55, restrict access to the device until a patch is available.
For DB Elettronica Telecomunicazioni SpA SFT DAB 600/C uc version 6.15, restrict access to the device until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Sft Dab 600/C Bios Firmware
Sft Dab 600/C Fpga
Sft Dab 600/C Firmware
Sft Dab 600/C Gui
Sft Dab 600/C Uc