CVE-2023-53968

9.8 CRITICAL

📋 TL;DR

This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to delete user accounts without credentials by exploiting the device's IP-address-based session binding: sessions are tied to the client IP rather than to a credential, so unauthorized requests sent to the userManager API from the same IP address as an authenticated session are accepted. Organizations using Screen SFT DAB 600/C devices with firmware version 1.9.3 are affected.

💻 Affected Systems

Products:
  • Screen SFT DAB 600/C
Versions: Firmware 1.9.3
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices whose management interfaces are exposed to the network are vulnerable. Default configurations likely expose these interfaces.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of device management with all user accounts deleted, rendering the device unusable for legitimate users and potentially disrupting broadcast operations.

🟠 Likely Case

Unauthorized deletion of administrative or user accounts, leading to service disruption and potential device takeover.

🟢 If Mitigated

Limited impact: proper network segmentation and access controls prevent external attackers from reaching the vulnerable interfaces.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the device management interface. No authentication is needed once the IP session binding is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dbbroadcast.com

Restart Required: No

Instructions:

1. Check the vendor website for firmware updates.
2. Download the latest firmware.
3. Upload it to the device via the management interface.
4. Apply the firmware update following the vendor's instructions.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate device management interfaces from untrusted networks.

Access Control Lists (applies to: all)

Restrict access to device management IPs/ports to authorized IPs only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the device from untrusted networks
  • Deploy network-based intrusion detection to monitor for unauthorized API calls to userManager endpoints

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the device web interface or SSH. If the version is 1.9.3, the device is vulnerable.

Check Version:

Check via the device web interface at System > Firmware, or via SSH if available.

Verify Fix Applied:

Verify that the firmware version has been updated beyond 1.9.3. Test that userManager API endpoints reject requests that lack valid credentials, including requests from the same IP address as an active authenticated session.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized userManager API calls
  • User account deletion events without authentication logs
  • Multiple failed authentication attempts followed by successful userManager calls

Network Indicators:

  • HTTP requests to /userManager endpoints from unauthorized IPs
  • POST/DELETE requests to user management APIs without authentication headers

SIEM Query:

source="device_logs" AND (uri="/userManager" OR (method="DELETE" AND uri CONTAINS "user")) AND NOT auth_success="true"

The parentheses make the intended precedence explicit: match any request to /userManager, or any DELETE whose URI contains "user", and keep only those without a successful authentication marker. Adjust field names to your SIEM's schema.
