CVE-2023-53961

medium

Description

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.

References

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-cross-site-request-forgery

https://www.exploit-db.com/exploits/51168

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5722.php

https://web.archive.org/web/20221207074555/https://www.sound4.com/

Details

Source: Mitre, NVD

Published: 2025-12-22

Updated: 2026-01-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00015