Vulnerability Description
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with directory traversal sequences to write files to unintended system locations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sound4 | Impact Firmware | 2.15 |
| Sound4 | Impact | 2.0 |
| Sound4 | Pulse Firmware | 2.15 |
| Sound4 | Pulse | 2.0 |
| Sound4 | First Firmware | 2.15 |
| Sound4 | First | 2.0 |
| Sound4 | Impact Eco Firmware | 1.16 |
| Sound4 | Impact Eco | - |
| Sound4 | Pulse Eco Firmware | 1.16 |
| Sound4 | Pulse Eco | - |
| Sound4 | Big Voice4 Firmware | 1.2 |
| Sound4 | Big Voice4 | - |
| Sound4 | Big Voice2 Firmware | 1.30 |
| Sound4 | Big Voice2 | - |
| Sound4 | Wm2 Firmware | 1.11 |
| Sound4 | Wm2 | - |
| Sound4 | Stream Extension | 2.4.29 |
Related Weaknesses (CWE)
References
- https://web.archive.org/web/20221207074555/https://www.sound4.com/Product
- https://www.exploit-db.com/exploits/51172ExploitThird Party AdvisoryVDB Entry
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticatedThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5730.phpExploitThird Party Advisory
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5730.phpExploitThird Party Advisory
FAQ
What is CVE-2023-53962?
CVE-2023-53962 is a vulnerability with a CVSS score of 7.5 (HIGH). SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. At...
How severe is CVE-2023-53962?
CVE-2023-53962 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53962?
Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.