VYPR

Screen SFT DAB 600/C

by DB Elettronica Telecomunicazioni S.p.A.

CVEs (6)

  • CVE-2023-33684 | Med | Jun 6, 2023
    risk 0.37 | cvss 5.7 | epss 0.00

    Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the…

  • CVE-2023-53970 | Dec 22, 2025
    risk 0.00 | cvss | epss 0.00

    Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations…

  • CVE-2023-53969 | Dec 22, 2025
    risk 0.00 | cvss | epss 0.00

    Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to…

  • CVE-2023-53968 | Dec 22, 2025
    risk 0.00 | cvss | epss 0.01

    Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to…

  • CVE-2023-53967 | Dec 22, 2025
    risk 0.00 | cvss | epss 0.00

    Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new…

  • CVE-2023-7328 | Nov 14, 2025
    risk 0.00 | cvss | epss 0.00

    Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain improper access control on the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.