Sign In
Advisories

Screen SFT DAB 600/C Firmware 1.9.3 Authentication Bypass Erase Account

Go Back
severity
critical
date
Affecting

  • Screen SFT DAB 600/C -

CWE
  • CWE-306 Missing Authentication for Critical Function
CVSS
9.3
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Credit
LiquidWorm as Gjoko Krstic of Zero Science Lab
Description
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.