Cyber Posture

CVE-2023-53740

Critical · Public PoC

Published: 10 December 2025
Modified: 17 December 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (64.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: IA-5 requires secure management of authenticators including verification of identity prior to password changes, directly preventing unauthorized modifications via the userManager.cgx endpoint.

Prevent: AC-2 mandates procedures for account management including authorized modifications to accounts, countering the bypass that allows direct admin password changes without credentials.

Prevent: SI-10 enforces validation of information inputs at system boundaries, mitigating crafted JSON requests to the vulnerable userManager.cgx endpoint.

Security Summary [AI]

CVE-2023-53740 is an authentication bypass vulnerability (CWE-862) in Screen SFT DAB version 1.9.3. The flaw resides in the userManager.cgx endpoint, which allows attackers to change the admin password without supplying current credentials by sending a crafted JSON request containing a new MD5-hashed password, thereby directly modifying the admin account.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required, as reflected in its critical CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation enables full compromise of the admin account, potentially leading to high impacts on confidentiality, integrity, and availability of the affected system.

Advisories such as the VulnCheck report detail the authentication bypass mechanism, while a proof-of-concept exploit is publicly available on Exploit-DB (ID 51458). Vendor resources from DB Broadcast and Screen provide context on the SFT DAB series compact air product, and practitioners should review these references for any available patches or mitigation steps.

Details

CWE(s)

Affected Products

dbbroadcast · sft dab 015/c firmware · 1.9.3
dbbroadcast · sft dab 050/c firmware · 1.9.3
dbbroadcast · sft dab 150/c firmware · 1.9.3
dbbroadcast · sft dab 300/c firmware · 1.9.3
dbbroadcast · sft dab 600/c firmware · 1.9.3

MITRE ATT&CK Enterprise Techniques [AI]

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability allows remote unauthenticated attackers to bypass authentication and modify the admin password via a public-facing web endpoint (userManager.cgx), directly enabling T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References