CVE-2023-53776

8.8 HIGH

📋 TL;DR

This authentication bypass vulnerability in Screen SFT DAB 1.9.3 allows attackers to reuse IP-bound session identifiers to perform unauthorized operations on the transmitter's management API. Attackers can exploit weak session management to issue critical commands without proper authentication. Organizations using Screen SFT DAB series compact air transmitters are affected.

💻 Affected Systems

Products:
  • Screen SFT DAB series compact air transmitters
Versions: 1.9.3
Operating Systems: Embedded/Proprietary
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices whose management API is reachable. The vulnerability is in the session management mechanism that binds sessions to IP addresses.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of transmitter functionality allowing attackers to modify configurations, disrupt broadcasts, or potentially cause physical damage to equipment through unauthorized commands.

🟠 Likely Case

Unauthorized access to management interface allowing configuration changes, service disruption, or data exfiltration from the transmitter system.

🟢 If Mitigated

Limited impact if network segmentation prevents external access and proper monitoring detects unusual API requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB (ID 51459). Attackers can reuse session identifiers bound to IP addresses to bypass authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.screen.it

Restart Required: No

Instructions:

Check vendor website for security updates. Contact Screen SFT support for patch availability and installation guidance.

🔧 Temporary Workarounds

Network Segmentation

Isolate SFT DAB devices from untrusted networks and restrict access to the management interface.

Access Control Lists

Implement strict firewall rules to limit which IP addresses can access the management API.

🧯 If You Can't Patch

  • Implement network segmentation to isolate SFT DAB devices from untrusted networks
  • Deploy intrusion detection systems to monitor for unusual API requests to the management interface

🔍 How to Verify

Check if Vulnerable:

Check device version via web interface or CLI. If running version 1.9.3, the device is vulnerable.

Check Version:

Check via web interface at http://[device-ip]/ or consult device documentation for CLI version command.

Verify Fix Applied:

Verify updated version number and test session management by attempting to reuse session identifiers from different IP addresses.

📡 Detection & Monitoring

Log Indicators:

  • Multiple session creation attempts from same IP
  • Unauthorized API requests to management endpoints
  • Session ID reuse from different source IPs

Network Indicators:

  • Unusual API request patterns to /api/ endpoints
  • Management interface access from unexpected IP addresses

SIEM Query:

dest_ip=[SFT_DAB_IP] AND (uri_path CONTAINS "/api/" OR status_code=401) | stats count by source_ip, user_agent
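
The log indicators listed above, applied to access records as an added example (not part of the original advisory and not vendor code): it flags session IDs seen from more than one source IP and /api/ requests from outside an allowlist. The log format, the sample lines, the session ID field and the 10.20.0.0/24 management subnet are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real device logs). Assumed format, e.g. from a
# reverse proxy or network sensor in front of the transmitter:
#   timestamp src_ip method path status session_id
SAMPLE_LOG = """\
2024-01-10T08:00:01Z 10.20.0.5 GET /api/status 200 sess-a1
2024-01-10T08:00:09Z 10.20.0.5 POST /api/config 200 sess-a1
2024-01-10T08:03:44Z 192.0.2.77 POST /api/config 200 sess-a1
2024-01-10T08:05:10Z 10.20.0.6 GET /index.html 200 sess-b2
2024-01-10T08:07:30Z 198.51.100.9 GET /api/status 401 -
malformed line
"""

# Assumption: management stations live in this subnet.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def parse(line):
    """Return a record dict, or None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, method, path, status, sid = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "method": method,
                "path": path, "status": int(status), "sid": sid}
    except ValueError:
        return None


def analyze(log_text, allowed_nets=ALLOWED_NETS):
    """Flag session IDs seen from several source IPs and /api/ hits from unexpected IPs."""
    ips_by_session = defaultdict(set)
    unexpected = []
    for rec in filter(None, map(parse, log_text.splitlines())):
        if rec["sid"] != "-":
            ips_by_session[rec["sid"]].add(str(rec["src"]))
        if rec["path"].startswith("/api/") and not any(rec["src"] in n for n in allowed_nets):
            unexpected.append((rec["ts"], str(rec["src"]), rec["path"], rec["status"]))
    reused = {sid: sorted(ips) for sid, ips in ips_by_session.items() if len(ips) > 1}
    return reused, unexpected


if __name__ == "__main__":
    reused, unexpected = analyze(SAMPLE_LOG)
    print("session IDs seen from multiple IPs:", reused)
    print("/api/ requests from outside the allowlist:", unexpected)
```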
