DB Elettronica SFT DAB Series Authentication Bypass Vulnerability in User Password Management

A session management vulnerability has been identified in the Screen SFT DAB 600/C transmitter, specifically in firmware version 1.9.3. This vulnerability allows attackers to bypass authentication controls by exploiting the binding of session IDs to IP addresses. By reusing an IP address assigned to a victim, an attacker can send unauthorized requests to the userManager API to change user passwords, all without proper authentication.

Impact

Exploitation of this vulnerability could lead to unauthorized password changes, allowing for potential unauthorized access to user accounts or privileges.

Reproduction

To reproduce this vulnerability, an attacker must be on the same network as the target device and reuse the IP address of a user who has an active session. Once the session is established, the attacker can send requests to the userManager API to change passwords without authentication.