CVE-2023-53775

6.5 MEDIUM

📋 TL;DR

CVE-2023-53775 is an authentication bypass vulnerability in Screen SFT DAB 1.9.3 that allows attackers to change user passwords without proper authentication by exploiting weak session management. Attackers can reuse IP-bound session identifiers to make unauthorized requests to the userManager API. This affects organizations using Screen SFT DAB 1.9.3 for digital audio broadcasting.

💻 Affected Systems

Products:
  • Screen SFT DAB
Versions: 1.9.3
Operating Systems: Unknown - Likely embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Specific configurations may affect exploitability, but default installations appear vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the broadcasting system, potentially disrupting operations, modifying configurations, or accessing sensitive broadcast data.

🟠 Likely Case

Unauthorized password changes leading to account takeover, service disruption, or unauthorized access to broadcasting controls.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, but authentication bypass remains possible.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely if the system is exposed to the internet.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID 51456), making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.screen.it

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates and apply when released.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Screen SFT DAB systems from untrusted networks and restrict access to management interfaces.

API Access Restriction

all

Block or restrict access to the userManager API endpoint using firewall rules or web application firewall.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the SFT DAB management interface.
  • Monitor for unusual API requests to the userManager endpoint and alert on password change attempts.

🔍 How to Verify

Check if Vulnerable:

Check if running Screen SFT DAB version 1.9.3. Test if unauthorized password change requests to userManager API succeed using available exploit code.

Check Version:

Check device web interface or documentation for version information.

Verify Fix Applied:

Verify updated version is installed and test that password change requests without proper authentication fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual userManager API requests from unexpected IP addresses
  • Multiple failed authentication attempts followed by successful password changes

Network Indicators:

  • HTTP POST requests to the /userManager endpoint from unauthorized sources
  • Unusual traffic patterns to management interface

SIEM Query:

source_ip NOT IN authorized_ips AND destination_port=80 AND uri_path CONTAINS '/userManager' AND http_method='POST'
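
The SIEM query above, written out as a small Python filter over web access logs. This is an added example, not part of the original advisory or any vendor tooling; the combined log format, the allowlisted ranges and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: management hosts that are allowed to call the userManager API.
AUTHORIZED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.15/32")]

# Assumption: the device or a reverse proxy in front of it writes combined-format logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_authorized(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable source is treated as unauthorized
    return any(ip in net for net in AUTHORIZED_NETS)

def find_suspicious(lines):
    """Return {source_ip: [(timestamp, uri, status), ...]} for POST requests
    to userManager that come from outside AUTHORIZED_NETS."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["uri"].split("?", 1)[0]  # ignore any query string
        # Compared case-insensitively in case the server does not care about path case.
        if (m["method"] == "POST" and "/usermanager" in path.lower()
                and not is_authorized(m["ip"])):
            hits[m["ip"]].append((m["ts"], m["uri"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '10.20.0.7 - - [12/May/2023:09:14:02 +0000] "POST /userManager HTTP/1.1" 200 31',
    '203.0.113.44 - - [12/May/2023:09:15:40 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.44 - - [12/May/2023:09:15:41 +0000] "POST /userManager?t=1 HTTP/1.1" 200 31',
    '198.51.100.9 - - [12/May/2023:09:20:00 +0000] "POST /UserManager HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for src, events in find_suspicious(SAMPLE_LOG).items():
        for ts, uri, status in events:
            print(f"ALERT src={src} time={ts} uri={uri} status={status}")
```

The status code is kept in each hit so that a 200 response from an unlisted source can be prioritised over a rejected request.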
