Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53970 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600/c, Sft Dab 600/c Firmware | 2025-12-26 | 7.5 High |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters. | ||||
| CVE-2023-53969 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600/c, Sft Dab 600/c Firmware | 2025-12-26 | 7.5 High |
| Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication. | ||||
| CVE-2023-53967 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600/c, Sft Dab 600/c Firmware | 2025-12-26 | 7.5 High |
| Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication. | ||||
| CVE-2023-53968 | 2 Db Elettronica, Dbbroadcast | 3 Screen Sft Dab 600c, Sft Dab 600/c, Sft Dab 600/c Firmware | 2025-12-26 | 9.8 Critical |
| Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication. | ||||
| CVE-2025-66252 | 1 Dbbroadcast | 45 Mozart Dds Next 100, Mozart Dds Next 1000, Mozart Dds Next 1000 Firmware and 42 more | 2025-12-03 | 7.5 High |
| Infinite Loop Denial of Service via Failed File Deletion in DB Elettronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to trigger an infinite loop when unlink() fails in status_contents.php, causing DoS. Because the unlink operation is performed inside a while loop, specifying an immutable file, or any file the process has no permission to delete, makes the script retry the deletion repeatedly. | ||||
| CVE-2023-33684 | 1 Dbbroadcast | 3 Sft Dab 600/c, Sft Dab 600/c Bios, Sft Dab 600/c Firmware | 2024-11-21 | 5.7 Medium |
| Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C (Firmware: 1.9.3, Bios firmware: 7.1 (Apr 19 2021), Gui: 2.46, FPGA: 169.55, uc: 6.15) allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol. | ||||