CVE-2023-53740: CRITICAL Severity Authentication Bypass in Screen SFT DAB | Secably CVE Database

Summary

CVE-2023-53740 is a critical authentication bypass vulnerability affecting Screen SFT DAB 1.9.3. This vulnerability allows an unauthenticated attacker to change the administrator password without providing the existing credentials, leading to complete system compromise.

Technical Details

CVE-2023-53740 stems from a flaw in the userManager.cgx endpoint within Screen SFT DAB 1.9.3. The application fails to properly validate user authentication before allowing password modifications. An attacker can exploit this by sending a specially crafted JSON request to the userManager.cgx endpoint. This request includes a new MD5-hashed password for the administrator account. The application then directly updates the admin account's password in the system's database without requiring any prior authentication or authorization. The lack of proper authentication checks on this endpoint allows for trivial password reset by unauthorized parties, granting them full administrative control over the affected device.

The vulnerability lies in the insufficient access control and input validation mechanisms surrounding the password modification functionality. The application trusts the incoming request without verifying the identity of the requester, allowing for arbitrary modification of sensitive account information.

Affected Products and Versions

The following dbbroadcast products running Screen SFT DAB 1.9.3 are confirmed to be affected by CVE-2023-53740:

dbbroadcast sft_dab_015/c_firmware
dbbroadcast sft_dab_050/c_firmware
dbbroadcast sft_dab_150/c_firmware
dbbroadcast sft_dab_300/c_firmware
dbbroadcast sft_dab_600/c_firmware

Impact Assessment

Successful exploitation of CVE-2023-53740 allows an attacker to gain complete control over the affected Screen SFT DAB device. This can have severe consequences, including:

Full System Compromise: Attackers can gain administrative access, allowing them to modify system configurations, install malware, and control device functionality.
Data Breach Risk: Sensitive data stored on the device, including configuration settings and potentially user data, can be accessed and exfiltrated.
Service Disruption: Attackers can disrupt the normal operation of the device, leading to service outages and business interruptions.
Lateral Movement: Compromised devices can be used as a foothold to attack other systems on the network.

Remediation

Immediate Actions

Isolate Affected Devices: Immediately isolate affected Screen SFT DAB devices from the network to prevent further compromise or lateral movement.
Monitor Network Traffic: Monitor network traffic for suspicious activity originating from or directed towards affected devices.
Contact Vendor: Contact dbbroadcast or Screen for official patches or updated firmware.

Long-term Solutions

Apply Security Patches: Apply any security patches or firmware updates released by the vendor as soon as they become available.
Implement Strong Authentication: Ensure that all administrative interfaces require strong authentication mechanisms, such as multi-factor authentication.
Regular Security Audits: Conduct regular security audits and penetration testing to identify and address potential vulnerabilities.

References

Detection & Scanning

This vulnerability can be detected by monitoring network traffic for suspicious requests to the userManager.cgx endpoint. Specifically, look for POST requests containing JSON payloads with a new MD5-hashed password for the administrator account. Vulnerability scanners can also be used to identify vulnerable Screen SFT DAB devices on the network.

Scan Your Website

Secably AI Scanner can detect this and 50+ other vulnerabilities automatically.

Start Free Scan