CVE-2023-53741 identifies a session fixation vulnerability (CWE-384) in the Screen SFT DAB Series Compact Radio DAB Transmitter software version 1.9.3 by DB Elettronica Telecomunicazioni SpA. The vulnerability arises from weak session management where session identifiers are bound solely to IP addresses and can be reused by attackers. This flaw allows an attacker who can intercept or predict a valid session ID to bypass authentication controls without needing credentials or user interaction. The attacker can exploit the vulnerable API to perform unauthorized administrative actions, including removing user accounts, which compromises device integrity and management. The vulnerability is remotely exploitable over the network (Attack Vector: Adjacent Network) with low attack complexity and no privileges or user interaction required, as indicated by the CVSS 4.0 vector AV:A/AC:L/PR:N/UI:N. The impact on confidentiality is none, but integrity is high due to unauthorized account removal, and availability impact is low. The vulnerability affects version 1.9.3 of the product, with no patches currently published. No known exploits have been reported in the wild, but the risk remains significant due to the nature of the device and its role in broadcast infrastructure.

For European organizations, particularly broadcasters and telecom operators using the Screen SFT DAB Series transmitters, this vulnerability poses a significant risk. Unauthorized removal of user accounts can lead to loss of administrative control, potentially disrupting broadcast services or enabling further malicious activities such as configuration changes or denial of service. The integrity of broadcast transmissions could be compromised, impacting service reliability and regulatory compliance. Given the critical role of digital audio broadcasting in public communication and emergency alerts, exploitation could have broader societal impacts. Additionally, unauthorized access could expose sensitive operational data or enable lateral movement within organizational networks. The lack of authentication requirements and ease of exploitation increase the threat level, especially in environments where network segmentation or access controls are insufficient.

Organizations should immediately audit their deployment of Screen SFT DAB Series transmitters to identify affected versions (1.9.3). Network access to the management interfaces should be restricted using firewalls and network segmentation to limit exposure to trusted administrators only. Implement VPN or secure tunnels for remote management to prevent session hijacking. Since no official patches are available, consider applying compensating controls such as enforcing strict session expiration policies and monitoring for unusual session reuse patterns. Disable or restrict API access where possible, and enforce multi-factor authentication on management interfaces if supported. Regularly review user accounts and logs for unauthorized changes. Engage with the vendor for updates or patches and plan for timely deployment once available. Conduct penetration testing focused on session management to verify the effectiveness of mitigations.