QwikSec

Security Database

CVE

CWE

Training

CVE-2023-53967

Published: Dec 22, 2025

Modified: Dec 22, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication.

Vendor	Product	Versions
DB Elettronica Telecomunicazioni SpA	Screen SFT DAB 600/C	affected `-`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

ExploitDB-51458

exploit

DB Elettronica Telecomunicazioni SpA Homepage

product

SFT DAB Series Product Page

product

Zero Science Lab Disclosure (ZSL-2022-5774)

third-party-advisory

VulnCheck Advisory: Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Admin Password Change

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.