Advisories

Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure

Severity
medium
Date
Affecting
  • Screen SFT DAB 600/C <= 1.9.3

  • An affected version range remains undefined

CWE
  • CWE-306 Missing Authentication for Critical Function
CVSS
6.9
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Credit
Gjoko Krstic of Zero Science Lab
Description
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control flaw in the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP addresses and timeout values.