CVE-2023-53970 is a vulnerability identified in the firmware version 1.9.3 of the Screen SFT DAB 600/C device manufactured by DB Elettronica Telecomunicazioni SpA. The core issue is weak session management that allows an attacker to bypass authentication controls by reusing session identifiers that are bound to IP addresses. Specifically, the deviceManagement API endpoint does not properly verify the authenticity of session tokens, enabling an attacker to send crafted POST requests with manipulated session parameters to reset device configurations without any authentication. This vulnerability is remotely exploitable over the network without requiring any privileges or user interaction, making it highly accessible to attackers. The flaw compromises the integrity and availability of the device by allowing unauthorized configuration resets, which could disrupt device operation or enable further attacks. The CVSS 4.0 base score of 8.7 (high severity) reflects the vulnerability’s network attack vector, low complexity, no authentication required, and high impact on availability. No patches or known exploits are currently documented, but the risk remains significant due to the critical nature of the device in telecom environments. The vulnerability was published on December 22, 2025, and is tracked under CVE-2023-53970.

The vulnerability poses a significant risk to European organizations that deploy the Screen SFT DAB 600/C device, particularly in telecommunications and critical infrastructure sectors. Exploitation could lead to unauthorized resets of device configurations, potentially causing service outages, degraded network performance, or loss of control over critical telecom equipment. This could disrupt communication services, impacting businesses, emergency services, and government operations. The lack of authentication and ease of remote exploitation increase the likelihood of attacks, especially from threat actors targeting telecom infrastructure. The integrity and availability of the device are directly affected, which could cascade into broader network instability. Given the strategic importance of telecom infrastructure in Europe, successful exploitation could also have national security implications. The absence of known exploits in the wild suggests the vulnerability is not yet actively exploited, but the high severity score indicates urgent attention is required to prevent future attacks.

1. Immediate mitigation should focus on restricting network access to the deviceManagement API endpoint by implementing strict firewall rules and network segmentation to limit exposure to trusted management networks only. 2. Monitor network traffic for unusual POST requests targeting the deviceManagement API, especially those with anomalous session parameters. 3. Engage with DB Elettronica Telecomunicazioni SpA to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 4. If patches are not yet available, consider deploying compensating controls such as VPN access for management interfaces and multi-factor authentication at the network perimeter. 5. Conduct regular audits of device configurations to detect unauthorized resets or changes promptly. 6. Implement intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection tuned to identify exploitation attempts targeting this vulnerability. 7. Educate network administrators about this vulnerability and the importance of securing management interfaces against unauthorized access.