CVE-2023-53961

Medium CVSS: 5.1

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.

Vendor

Sound4

Product

Impact Firmware

CWE

CWE-352

Yayın Tarihi

2025-12-22 22:16:00

Güncelleme

2026-01-16 19:16:13

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-352 Impact Firmware MEDIUM Sound4 2025

Referanslar

https://web.archive.org/web/20221207074555/https://www.sound4.com/ https://www.exploit-db.com/exploits/51168 https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-cross-site-request-forgery https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5722.php https://www.exploit-db.com/exploits/51168 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5722.php

Benzer Kayıtlar

High

CVE-2022-50792

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allow…

High

CVE-2022-50793

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50794

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the u…

High

CVE-2022-50795

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50796

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50696

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cann…