CVE-2023-53962 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Directory Traversal File Write

🗓️ 22 Dec 2025 21:37:16Reported by VulnCheckType

Unauthenticated directory traversal enables file write via upgfile parameter in upload.cgi on SOUND4 Impact FIRST PULSE Eco v2.x.

Reporter	Title	Published	Views	Family All 8
CNNVD	Sound4 IMPACT 路径遍历漏洞	22 Dec 202500:00	–	cnnvd
CVE	CVE-2023-53962	22 Dec 202521:37	–	cve
EUVD	EUVD-2023-60247	23 Dec 202500:30	–	euvd
NVD	CVE-2023-53962	22 Dec 202522:16	–	nvd
OSV	CVE-2023-53962	22 Dec 202522:16	–	osv
Positive Technologies	PT-2025-52699	22 Dec 202500:00	–	ptsecurity
Vulnrichment	CVE-2023-53962 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Directory Traversal File Write	22 Dec 202521:37	–	vulnrichment
Zero Science Lab	SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Directory Traversal File Write Exploit	14 Dec 202200:00	–	zeroscience

[
  {
    "vendor": "SOUND4 Ltd.",
    "product": "Impact/Pulse/First",
    "versions": [
      {
        "version": "Version 2: 1.1/2.15",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "SOUND4 Ltd.",
    "product": "Impact/Pulse Eco",
    "versions": [
      {
        "version": "1.16",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "SOUND4 Ltd.",
    "product": "BigVoice4",
    "versions": [
      {
        "version": "1.2",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "SOUND4 Ltd.",
    "product": "BigVoice2",
    "versions": [
      {
        "version": "1.30",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "SOUND4 Ltd.",
    "product": "Stream",
    "versions": [
      {
        "version": "1.1/2.4.29",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Kantar Media",
    "product": "WM2",
    "versions": [
      {
        "version": "1.11",
        "status": "affected"
      }
    ]
  }
]

Source	Link
web	www.web.archive.org/web/20221207074555/https://www.sound4.com/
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5730.php
exploit-db	www.exploit-db.com/exploits/51172
vulncheck	www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-directory-traversal-file-write

16 Jan 2026 19:00Current

CVSS 3.17.5

CVSS 48.8

EPSS0.01042

CWE-22