PT-2025-52706 · Unknown · Screen Sft Dab 600/C
Published: 2025-12-22 · Updated: 2025-12-23 · CVE-2023-53969
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Screen SFT DAB 600/C version 1.9.3
Description
The software contains a session management flaw that allows attackers to bypass authentication controls by exploiting improper binding of sessions to the client IP address. An attacker who reuses the same IP address as an authenticated session can submit unauthorized requests to the userManager API and modify user passwords without valid authentication. The vulnerable API endpoint is userManager; the vulnerable parameter is the IP address used for session binding.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the userManager API to authorized users only.
Exploit
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Screen Sft Dab 600/C