CVE-2023-53963

CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53963. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated OS command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x. The vulnerability is exploited via the 'password' HTTP POST parameter in index.php and login.php, allowing arbitrary shell command execution.

Description

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/51173

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated OS command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x. The vulnerability is exploited via the 'password' HTTP POST parameter in index.php and login.php, allowing arbitrary shell command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry exploit

https://www.exploit-db.com/exploits/51173

Product product

https://web.archive.org/web/20221207074555/https://www.sound4.com/

Exploit, Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5738.php

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-remote-command-injection

Scores

CVSS v3 9.8

EPSS 0.0303

EPSS Percentile 85.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (12)

sound4/big_voice2_firmware 1.30

sound4/big_voice4_firmware 1.2

sound4/first_firmware 2.15

sound4/first_firmware 1.69

sound4/impact_eco_firmware 1.16

sound4/impact_firmware 2.15

sound4/impact_firmware 1.69

sound4/pulse_eco_firmware 1.16

sound4/pulse_firmware 2.15

sound4/pulse_firmware 1.69

... and 2 more

Published Dec 22, 2025

Tracked Since Feb 18, 2026