CVE-2023-7328

Sažetak

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.

Reference

https://packetstormsecurity.com/files/172332/
https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
https://www.exploit-db.com/exploits/51460
https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php
https://www.exploit-db.com/exploits/51460
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

26-12-2025 - 16:45

Objavljeno

14-11-2025 - 23:15