CVE-2023-53961

MEDIUM

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - CSRF

Title source: llm

Description

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/51168

View Code ZIP pw:eip

References (4)

[Product] https://web.archive.org/web/20221207074555/https://www.sound4.com/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/51168

[Third Party Advisory] https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-cross-site-request-forgery

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5722.php

Scores

CVSS v3 4.3

EPSS 0.0008

EPSS Percentile 24.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-352

Status published

Products (12)

sound4/big_voice2_firmware 1.30

sound4/big_voice4_firmware 1.2

sound4/first_firmware 2.15

sound4/first_firmware 1.69

sound4/impact_eco_firmware 1.16

sound4/impact_firmware 2.15

sound4/impact_firmware 1.69

sound4/pulse_eco_firmware 1.16

sound4/pulse_firmware 2.15

sound4/pulse_firmware 1.69

... and 2 more

Published Dec 22, 2025

Tracked Since Feb 18, 2026