该网页截图提供了以下关于漏洞的关键信息: 漏洞标题:Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure 严重性:MEDIUM 日期:November 14, 2025 影响版本: - Screen SFT DAB 600/C <= 1.9.3 - An affected version range remains undefined CVE:CVE-2023-7328 CWE:CWE-306 Missing Authentication for Critical Function CVSS:6.9 CVSS V4 向量:CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N 参考链接: - Zero Science Lab Disclosure (ZSL-2023-5776) - ExploitDB-51460 - Packet Storm Security (#172332) - SFT DAB Product Site 发现者:Gjoko Krstic of Zero Science Lab 漏洞描述:Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.