CVE-2023-53967

7.5 HIGH

📋 TL;DR

This authentication bypass in Screen SFT DAB 600/C firmware lets an unauthenticated attacker set a new admin password without supplying the current one. The attack is a crafted POST request to the userManager.cgx API endpoint, which processes the password change without requiring a valid login. Any device running affected firmware with its web interface reachable is exposed to full administrative takeover.

💻 Affected Systems

Products:
  • Screen SFT DAB 600/C
Versions: Firmware 1.9.3 (likely affects earlier versions too)
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running vulnerable firmware with web interface enabled are affected. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise: the attacker reconfigures broadcast settings, disrupts transmission, or uses the device as a pivot point into the broadcast network.

🟠 Likely Case

Unauthorized administrative access leading to configuration changes, service disruption, or exfiltration of configuration data from the device.

🟢 If Mitigated

Limited impact if the device is isolated in a protected network segment with strict access controls and monitoring of the management interface.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP requests without authentication, making internet-exposed devices immediate targets.
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or compromised internal systems, but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a single HTTP POST request to the userManager.cgx endpoint carrying the new password as an MD5 hash; no session or credentials are needed. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dbbroadcast.com (vendor website; no dedicated advisory page is linked)

Restart Required: No

Instructions:

Check the vendor website for a firmware release newer than 1.9.3. If one is available, download it and follow the vendor's update procedure, then re-test the endpoint as described under How to Verify before putting the device back into service.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate affected devices in separate VLANs with strict firewall rules blocking external access to management interfaces.

Access Control Lists (applies to: all)

Implement IP-based restrictions so that the management interface is reachable only from trusted management networks.

🧯 If You Can't Patch

  • Disable the web management interface if it is not required for operations
  • Monitor for POST requests to the userManager.cgx endpoint and alert on any that do not originate from a trusted management host

🔍 How to Verify

Check if Vulnerable:

Read the firmware version from the web interface or the vendor CLI. If it reports 1.9.3 or earlier, treat the device as vulnerable; no fixed version is currently known.

Check Version:

Check web interface System Information page or use vendor-specific CLI commands

Verify Fix Applied:

After applying a vendor update, repeat the unauthenticated password-change request against userManager.cgx (in a maintenance window) and confirm the device rejects it. If the admin password still changes without credentials, the fix is not in place.

📡 Detection & Monitoring

Log Indicators:

  • HTTP POST requests to /userManager.cgx
  • Failed authentication attempts followed by successful password changes
  • Unusual admin account modifications

Network Indicators:

  • HTTP traffic to device management interface containing password change parameters
  • POST requests to userManager.cgx from unexpected sources

SIEM Query:

source="device_logs" AND (uri="/userManager.cgx" OR event="password_change")
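The log and network indicators above can be turned into a small correlation rule. The following is an added example, not part of this advisory or the vendor's software: it parses Combined-Log-Format access lines captured by a reverse proxy or network tap in front of the device and flags any POST to /userManager.cgx that comes from outside an assumed management subnet (10.10.5.0/24) or that is not preceded by a recent successful login from the same client. The login handler name (/login.cgx), the "HTTP 200 means login succeeded" rule, the subnet and the log lines are all constructed for the example; adjust them to the device's real login path and your own management ranges.

```python
"""Flag suspicious admin-password changes on a Screen SFT DAB 600/C.

Added example, not vendor code. Input is Combined-Log-Format access log text
from a proxy or tap in front of the device's web interface.
"""
import ipaddress
import re
from datetime import datetime, timedelta

# Assumptions for the example: trusted management subnet, the name of the
# device's login handler, and how long a login "covers" later requests.
MGMT_NETS = [ipaddress.ip_network("10.10.5.0/24")]
LOGIN_PATH = "/login.cgx"          # assumed; not given on the advisory page
TARGET_PATH = "/userManager.cgx"   # endpoint named in the advisory
LOGIN_WINDOW = timedelta(minutes=10)

# ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one legitimate change after a login, one from the
# internet, one from an internal non-management host, one from the
# management subnet but with no login in the window.
SAMPLE_LOG = """\
10.10.5.20 - - [12/Jun/2024:09:01:10 +0000] "POST /login.cgx HTTP/1.1" 200 312
10.10.5.20 - - [12/Jun/2024:09:01:25 +0000] "POST /userManager.cgx HTTP/1.1" 200 58
198.51.100.77 - - [12/Jun/2024:09:14:02 +0000] "POST /userManager.cgx HTTP/1.1" 200 58
192.168.30.9 - - [12/Jun/2024:09:20:40 +0000] "GET /userManager.cgx HTTP/1.1" 200 1402
192.168.30.9 - - [12/Jun/2024:09:21:03 +0000] "POST /userManager.cgx HTTP/1.1" 200 58
10.10.5.31 - - [12/Jun/2024:09:30:00 +0000] "POST /userManager.cgx HTTP/1.1" 200 58
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # drop any query string
        "status": int(m["status"]),
    }


def in_mgmt_net(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_NETS)


def find_alerts(log_text):
    """Return one alert per POST to TARGET_PATH that breaks a rule.

    Rules: (1) source must be inside a management subnet; (2) the same
    client must have logged in successfully within LOGIN_WINDOW. A request
    that breaks both rules gets both reasons.
    """
    last_login = {}   # client ip -> timestamp of last assumed-successful login
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"] == LOGIN_PATH and rec["status"] == 200:
            last_login[rec["ip"]] = rec["ts"]
            continue
        if rec["method"] != "POST" or rec["path"] != TARGET_PATH:
            continue
        reasons = []
        if not in_mgmt_net(rec["ip"]):
            reasons.append("source outside management subnet")
        seen = last_login.get(rec["ip"])
        if seen is None or rec["ts"] - seen > LOGIN_WINDOW:
            reasons.append("no recent login from this client")
        if reasons:
            alerts.append({"ip": rec["ip"], "ts": rec["ts"].isoformat(), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in find_alerts(SAMPLE_LOG):
        print(f"{a['ts']} {a['ip']}: {'; '.join(a['reasons'])}")
```

Run against the sample, the legitimate change from 10.10.5.20 is silent and the other three POSTs are raised: the two non-management sources with both reasons, and 10.10.5.31 with only the missing-login reason. The GET is ignored because the page describes the exploit as a POST. If the device's own logs are not exportable, the same rule works on proxy or IDS logs from the segment the device sits in.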
