CVE-2023-53962

Exploit

EPSS 5.04%
Veröffentlicht 22.12.2025 21:37:16
Zuletzt bearbeitet 16.01.2026 19:16:13
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with directory traversal sequences to write files to unintended system locations.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sound4 ≫ Impact Firmware Version2.15

Sound4 ≫ Impact Version2.0

Sound4 ≫ Impact Firmware Version1.69

Sound4 ≫ Impact Version1.0

Sound4 ≫ Pulse Firmware Version2.15

Sound4 ≫ Pulse Version2.0

Sound4 ≫ Pulse Firmware Version1.69

Sound4 ≫ Pulse Version1.0

Sound4 ≫ First Firmware Version2.15

Sound4 ≫ First Version2.0

Sound4 ≫ First Firmware Version1.69

Sound4 ≫ First Version1.0

Sound4 ≫ Impact Eco Firmware Version1.16

Sound4 ≫ Impact Eco Version-

Sound4 ≫ Pulse Eco Firmware Version1.16

Sound4 ≫ Pulse Eco Version-

Sound4 ≫ Big Voice4 Firmware Version1.2

Sound4 ≫ Big Voice4 Version-

Sound4 ≫ Big Voice2 Firmware Version1.30

Sound4 ≫ Big Voice2 Version-

Sound4 ≫ Wm2 Firmware Version1.11

Sound4 ≫ Wm2 Version-

Sound4 ≫ Stream Extension Version2.4.29

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.04%	0.895

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
disclosure@vulncheck.com	8.8	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://web.archive.org/web/20221207074555/https://www.sound4.com/

Product

https://www.exploit-db.com/exploits/51172

Third Party Advisory

Exploit

VDB Entry

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5730.php

Third Party Advisory

Exploit

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-directory-traversal-file-write

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-53962