9.8
CVE-2023-53964
- EPSS 1.04%
- Veröffentlicht 22.12.2025 21:37:17
- Zuletzt bearbeitet 16.01.2026 19:16:14
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginSOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sound4 ≫ Impact Firmware Version2.15
Sound4 ≫ Impact Firmware Version1.69
Sound4 ≫ Pulse Firmware Version2.15
Sound4 ≫ Pulse Firmware Version1.69
Sound4 ≫ First Firmware Version2.15
Sound4 ≫ First Firmware Version1.69
Sound4 ≫ Impact Eco Firmware Version1.16
Sound4 ≫ Pulse Eco Firmware Version1.16
Sound4 ≫ Big Voice4 Firmware Version1.2
Sound4 ≫ Big Voice2 Firmware Version1.30
Sound4 ≫ Wm2 Firmware Version1.11
Sound4 ≫ Stream Extension Version2.4.29
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.04% | 0.771 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 8.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.