Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

DB Elettronica SFT DAB Series Authentication Bypass Vulnerability Allowing Unauthorized Password Changes

Vulnerability

An authentication bypass vulnerability has been identified in the Screen SFT DAB series DAB transmitters, specifically in version 1.9.3. This vulnerability allows attackers to change user passwords by exploiting weak session management controls. By reusing IP-bound session identifiers, attackers can issue unauthorized requests to the userManager API and modify user credentials without proper authentication.

Impact

Exploitation of this vulnerability could lead to unauthorized password changes, potentially allowing unauthorized access to user accounts or privileges.

Reproduction

To reproduce this vulnerability, an attacker must be on the same network as the victim and reuse the victim's IP address to exploit the weak session management. Once the session is established, the attacker can send unauthorized requests to the userManager API to change user passwords.
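As an added illustration (not code from DB Elettronica, Screen, or this advisory), the following hypothetical Python model contrasts the weak session handling described in the Vulnerability and Reproduction sections, where the client IP alone identifies a session, with a hardened userManager that binds sessions to an unguessable bearer token and requires the current password before credentials change. All class and function names, and the credential store, are assumptions constructed for the example.

```python
import hashlib, hmac, secrets
# Constructed demo credential store: username -> (salt, PBKDF2 digest). Hypothetical model only.
def derive_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 60_000)
def make_user_db(username, password):
    salt = secrets.token_bytes(16)
    return {username: (salt, derive_key(password, salt))}
def verify_password(db, username, password):
    if username not in db:
        return False
    salt, digest = db[username]
    return hmac.compare_digest(derive_key(password, salt), digest)
def set_password(db, username, new_password):
    salt = secrets.token_bytes(16)
    db[username] = (salt, derive_key(new_password, salt))
class IpBoundUserManager:
    """Weak pattern: the session identifier is the client IP, so any later request
    from that address is treated as the logged-in user (the flaw the advisory describes)."""
    def __init__(self, db):
        self.db, self.sessions = db, {}     # sessions: ip -> username
    def login(self, ip, username, password):
        if verify_password(self.db, username, password):
            self.sessions[ip] = username
        return ip in self.sessions
    def change_password(self, ip, new_password):
        user = self.sessions.get(ip)        # no token and no current-password check
        if user is None:
            return False
        set_password(self.db, user, new_password)
        return True

class TokenBoundUserManager:
    """Hardened pattern: an unguessable bearer token identifies the session, a password
    change also requires the current password, and the user's sessions are revoked after it."""
    def __init__(self, db):
        self.db, self.sessions = db, {}     # sessions: token -> username
    def login(self, username, password):
        if not verify_password(self.db, username, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token
    def change_password(self, token, current_password, new_password):
        user = self.sessions.get(token)
        if user is None or not verify_password(self.db, user, current_password):
            return False
        set_password(self.db, user, new_password)
        self.sessions = {t: u for t, u in self.sessions.items() if u != user}
        return True
```

In the weak model, every request carrying the logged-in IP reaches the password change, which is the behaviour the advisory attributes to version 1.9.3; the hardened model only accepts a request that presents both the token and the current password.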

Added: Dec 10, 2025, 10:17 PM
Updated: Dec 10, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.4
remediation: 0.0
relevance: 1.4
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.