Vulnerability Description
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sound4 | Impact Firmware | 2.15 |
| Sound4 | Impact | 2.0 |
| Sound4 | Pulse Firmware | 2.15 |
| Sound4 | Pulse | 2.0 |
| Sound4 | First Firmware | 2.15 |
| Sound4 | First | 2.0 |
| Sound4 | Impact Eco Firmware | 1.16 |
| Sound4 | Impact Eco | - |
| Sound4 | Pulse Eco Firmware | 1.16 |
| Sound4 | Pulse Eco | - |
| Sound4 | Big Voice4 Firmware | 1.2 |
| Sound4 | Big Voice4 | - |
| Sound4 | Big Voice2 Firmware | 1.30 |
| Sound4 | Big Voice2 | - |
| Sound4 | Wm2 Firmware | 1.11 |
| Sound4 | Wm2 | - |
| Sound4 | Stream Extension | 2.4.29 |
Related Weaknesses (CWE)
References
- https://web.archive.org/web/20221207074555/https://www.sound4.com/Product
- https://www.exploit-db.com/exploits/51168ExploitThird Party AdvisoryVDB Entry
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-cross-site-requThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5722.phpExploitThird Party Advisory
- https://www.exploit-db.com/exploits/51168ExploitThird Party AdvisoryVDB Entry
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5722.phpExploitThird Party Advisory
FAQ
What is CVE-2023-53961?
CVE-2023-53961 is a vulnerability with a CVSS score of 4.3 (MEDIUM). SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web p...
How severe is CVE-2023-53961?
CVE-2023-53961 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53961?
Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.