Login Sign Up

CVE-2023-53969

7.5 HIGH
Authentication Bypass

📋 TL;DR

This authentication bypass vulnerability in Screen SFT DAB 600/C firmware allows attackers to change user passwords without proper authentication by exploiting IP address session binding. Attackers can reuse the same IP address to issue unauthorized requests to the userManager API. This affects organizations using Screen SFT DAB 600/C devices with firmware version 1.9.3.

💻 Affected Systems

Products:
  • Screen SFT DAB 600/C
Versions: Firmware version 1.9.3
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

Sft Dab 600\/c Firmware by Dbbroadcast

View all CVEs affecting Sft Dab 600\/c Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to the device, change all passwords, lock out legitimate users, and potentially compromise broadcast systems or use the device as an attack pivot point.

🟠

Likely Case

Attackers change administrative passwords to gain persistent access, potentially disrupting broadcast operations or using the device for unauthorized activities.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the isolated device with no lateral movement to critical systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB and other sources, making this easily weaponizable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.dbbroadcast.com

Restart Required: No

Instructions:

Check vendor website for firmware updates. If available, download and apply the latest firmware following vendor instructions.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the affected device from untrusted networks and restrict access to management interfaces.

Access Control Lists

all

Implement strict firewall rules to limit which IP addresses can access the device's management interface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the device from untrusted networks
  • Monitor network traffic for unauthorized access attempts to the userManager API

🔍 How to Verify

Check if Vulnerable:

Check firmware version via device web interface or console. If version is 1.9.3, device is vulnerable.

Check Version:

Check via device web interface or vendor-specific CLI commands

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.9.3.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful password change requests
  • Password change requests from unusual IP addresses

Network Indicators:

  • HTTP POST requests to /userManager API without proper authentication headers
  • Unusual traffic patterns to device management interface

SIEM Query:

source_ip=* AND dest_port=80 AND http_method=POST AND uri_path="/userManager" AND NOT auth_token=*

📊 Metadata

CVE ID: CVE-2023-53969
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-306
EPSS Score: 0.34% exploit probability (56.3th percentile)
Published: December 22, 2025
Last Updated: December 26, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53969, you might also want to check these:

CVE-2025-32433 10.0

This CVE describes a critical vulnerability in Erlang/OTP's SSH server that allows unauthenticated r...

Same vulnerability type (CWE-306)
CVE-2026-23693 10.0

The ElementsKit Lite WordPress plugin versions before 3.7.9 expose an unauthenticated REST endpoint ...

Same vulnerability type (CWE-306)
CVE-2025-58083 10.0

The General Industrial Controls Lynx+ Gateway has a critical authentication bypass vulnerability in ...

Same vulnerability type (CWE-306)