cvebase

Db Elettronica Telecomunicazioni Spa Screen Sft Dab 600 C vulnerabilities

5 known vulnerabilities affecting db_elettronica_telecomunicazioni_spa/screen_sft_dab_600_c.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2023-53968 | P2 | CRITICAL | CVSS 9.8 | v- | 2025-12-22
CWE-306
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.
nvd
CVE-2023-53967 | P3 | HIGH | CVSS 7.5 | v- | 2025-12-22
CWE-306
Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication.
nvd
CVE-2023-53970 | P3 | HIGH | CVSS 7.5 | v- | 2025-12-22
CWE-306
Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters.
nvd
CVE-2023-53969 | P3 | HIGH | CVSS 7.5 | v- | 2025-12-22
CWE-306
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication.
nvd
CVE-2023-7328 | P4 | MEDIUM | CVSS 5.3 | ≤ 1.9.3 | 2025-11-14
CWE-306
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain improper access control on the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
nvd