9.8

CVE-2023-53964

Exploit

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Factory Reset Vulnerability

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sound4Impact Firmware Version2.15
   Sound4Impact Version2.0
Sound4Impact Firmware Version1.69
   Sound4Impact Version1.0
Sound4Pulse Firmware Version2.15
   Sound4Pulse Version2.0
Sound4Pulse Firmware Version1.69
   Sound4Pulse Version1.0
Sound4First Firmware Version2.15
   Sound4First Version2.0
Sound4First Firmware Version1.69
   Sound4First Version1.0
Sound4Impact Eco Firmware Version1.16
   Sound4Impact Eco Version-
Sound4Pulse Eco Firmware Version1.16
   Sound4Pulse Eco Version-
Sound4Big Voice4 Firmware Version1.2
   Sound4Big Voice4 Version-
Sound4Big Voice2 Firmware Version1.30
   Sound4Big Voice2 Version-
Sound4Wm2 Firmware Version1.11
   Sound4Wm2 Version-
Sound4Stream Extension Version2.4.29
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.87% 0.541
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
disclosure@vulncheck.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com 8.8 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://web.archive.org/web/20221207074555/https://www.sound4.com/
Product
https://www.exploit-db.com/exploits/51174
Third Party Advisory
Exploit
VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5742.php
Third Party Advisory
Exploit
https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-factory-reset-vulnerability
Third Party Advisory