Lucene search
K

104 matches found

EUVD
EUVD
added 2025/12/23 12:30 a.m.4 views

EUVD-2023-60249

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass...

8.8CVSS6.5AI score0.00872EPSS
Exploits2References5
EUVD
EUVD
added 2025/12/23 12:30 a.m.6 views

EUVD-2023-60244

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...

9.8CVSS6.6AI score0.00758EPSS
Exploits2References5
EUVD
EUVD
added 2025/12/23 12:30 a.m.4 views

EUVD-2023-60248

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

9.8CVSS8.1AI score0.0303EPSS
Exploits2References5
EUVD
EUVD
added 2025/12/23 12:30 a.m.6 views

EUVD-2023-60246

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended...

5.3CVSS6.3AI score0.00159EPSS
Exploits2References5
OSV
OSV
added 2025/12/22 10:16 p.m.4 views

CVE-2023-53961

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended...

4.3CVSS5.7AI score0.00159EPSS
Exploits2References4
OSV
OSV
added 2025/12/22 10:16 p.m.5 views

CVE-2023-53963

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

9.3CVSS6.1AI score0.0303EPSS
Exploits2References4
NVD
NVD
added 2025/12/22 10:16 p.m.29 views

CVE-2023-53960

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...

9.8CVSS0.00661EPSS
Exploits2References4
OSV
OSV
added 2025/12/22 10:16 p.m.6 views

CVE-2023-53962

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

7.5CVSS6AI score0.01042EPSS
Exploits2References4
NVD
NVD
added 2025/12/22 10:16 p.m.5 views

CVE-2023-53961

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended...

5.1CVSS0.00159EPSS
Exploits2References4
OSV
OSV
added 2025/12/22 10:16 p.m.5 views

CVE-2023-53960

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...

9.8CVSS6AI score0.00661EPSS
Exploits2References4
NVD
NVD
added 2025/12/22 10:15 p.m.7 views

CVE-2023-53955

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...

9.8CVSS0.00758EPSS
Exploits2References4
OSV
OSV
added 2025/12/22 10:15 p.m.4 views

CVE-2023-53955

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without...

9.3CVSS5.9AI score0.00758EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/12/22 9:37 p.m.27 views

CVE-2023-53964 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Factory Reset Vulnerability

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass...

9.8CVSS0.00872EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/12/22 9:37 p.m.3 views

CVE-2023-53964 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Factory Reset Vulnerability

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass...

9.8CVSS6.7AI score0.00872EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/12/22 9:37 p.m.20 views

CVE-2023-53963 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Remote Command Injection

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

9.8CVSS0.0303EPSS
Exploits2References4
CVE
CVE
added 2025/12/22 9:37 p.m.12 views

CVE-2023-53963

CVE-2023-53963 affects SOUND4 IMPACT/FIRST/PULSE/Eco v2.x and describes an unauthenticated OS command injection via the password parameter in login.php and index.php, enabling remote command execution with web server privileges. Public references document a PoC and multiple exploits (e.g., Exploi...

9.8CVSS8.2AI score0.0303EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2025/12/22 9:37 p.m.26 views

CVE-2023-53962 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Directory Traversal File Write

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

8.8CVSS0.01042EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/12/22 9:37 p.m.24 views

CVE-2023-53961 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Cross-Site Request Forgery

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended...

5.1CVSS0.00159EPSS
Exploits2References4
CVE
CVE
added 2025/12/22 9:37 p.m.12 views

CVE-2023-53961

CVE-2023-53961 affects SOUND4 IMPACT/FIRST/PULSE/Eco v2.x (and related SOUND4 processors per ZSL reference) with a cross-site request forgery. The issue allows an attacker to cause administrative actions on a logged-in user’s session by visiting a malicious page that submits HTTP requests to the ...

5.1CVSS6.4AI score0.00159EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/22 9:37 p.m.3 views

CVE-2023-53961 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Cross-Site Request Forgery

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended...

5.1CVSS6.4AI score0.00159EPSS
Exploits2References4
Rows per page
Query Builder