CVE-2023-33684
low-risk
Published 2023-06-06
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C (Firmware: 1.9.3, Bios firmware: 7.1 (Apr 19 2021), Gui: 2.46, FPGA: 169.55, uc: 6.15) allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.
Do I need to act?
0.01% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.7/10
Medium
ADJACENT_NETWORK / LOW complexity
Affected Products (2)
Sft Dab 600/C Bios
Sft Dab 600/C Firmware
Affected Vendors
References
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5771.php
26 / 100
low-risk
Severity
19/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
7/34 · Low