CVE-2023-53961

MEDIUM EPSS 5.4%
Published Dec 22, 20256mo ago · Modified Jun 17, 20262w ago
5.1 CVSS 4.0
Medium
Find Similar
Published Dec 22, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.

CVSS Details

Base Score
5.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
5.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 23

VendorProductVersionRange
sound4impact_firmware2.15any
sound4impact2.0any
sound4impact_firmware1.69any
sound4impact1.0any
sound4pulse_firmware2.15any
sound4pulse2.0any
sound4pulse_firmware1.69any
sound4pulse1.0any
sound4first_firmware2.15any
sound4first2.0any
sound4first_firmware1.69any
sound4first1.0any
sound4impact_eco_firmware1.16any
sound4impact_eco*any
sound4pulse_eco_firmware1.16any
sound4pulse_eco*any
sound4big_voice4_firmware1.2any
sound4big_voice4*any
sound4big_voice2_firmware1.30any
sound4big_voice2*any
sound4wm2_firmware1.11any
sound4wm2*any
sound4stream_extension2.4.29any

References 4

  • web.archive.org https://web.archive.org/web/20221207074555/https://www.sound4.com/
    Product
  • exploit-db.com https://www.exploit-db.com/exploits/51168
    ExploitThird Party AdvisoryVDB Entry
  • vulncheck.com https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-cross-site-request-forgery
    Third Party Advisory
  • zeroscience.mk https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5722.php
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.