Vulnerability Details CVE-2023-53964
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.0%
CVSS Severity
CVSS v3 Score 7.5
References
- https://web.archive.org/web/20221207074555/https://www.sound4.com/
- https://www.exploit-db.com/exploits/51174
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-factory-reset-vulnerability
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5742.php
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5742.php
Products affected by CVE-2023-53964
-
cpe:2.3:a:sound4:stream_extension:2.4.29
-
cpe:2.3:h:sound4:big_voice2:-
-
cpe:2.3:h:sound4:big_voice4:-
-
cpe:2.3:h:sound4:first:1.0
-
cpe:2.3:h:sound4:first:2.0
-
cpe:2.3:h:sound4:impact:1.0
-
cpe:2.3:h:sound4:impact:2.0
-
cpe:2.3:h:sound4:impact_eco:-
-
cpe:2.3:h:sound4:pulse:1.0
-
cpe:2.3:h:sound4:pulse:2.0
-
cpe:2.3:h:sound4:pulse_eco:-
-
cpe:2.3:h:sound4:wm2:-
-
cpe:2.3:o:sound4:big_voice2_firmware:1.30
-
cpe:2.3:o:sound4:big_voice4_firmware:1.2
-
cpe:2.3:o:sound4:first_firmware:1.69
-
cpe:2.3:o:sound4:first_firmware:2.15
-
cpe:2.3:o:sound4:impact_eco_firmware:1.16
-
cpe:2.3:o:sound4:impact_firmware:1.69
-
cpe:2.3:o:sound4:impact_firmware:2.15
-
cpe:2.3:o:sound4:pulse_eco_firmware:1.16
-
cpe:2.3:o:sound4:pulse_firmware:1.69
-
cpe:2.3:o:sound4:pulse_firmware:2.15
-
cpe:2.3:o:sound4:wm2_firmware:1.11