CVE-2023-53740 PUBLISHED

Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change

Assigner: VulnCheck
Reserved: 07.12.2025 Published: 10.12.2025 Updated: 11.12.2025

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CVSS Score: 8.6

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Adjacent	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	Low	Availability	None
Privileges Required	None
User Interaction	Passive

CVSS 4.0

Product Status

Vendor	DB Elettronica Telecomunicazioni SpA
Product	Screen SFT DAB Series - Compact Radio DAB Transmitter
Versions	Default: unaffected Version 1.9.3 is affected

CVE-2023-53740 PUBLISHED

Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change

Metrics

Product Status

Credits

References

Problem Types