Filtered by vendor Sound4
Total: 24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2023-53961 | 1 Sound4 | 3 First, Impact, Pulse-eco | 2025-12-23 | 5.3 Medium | SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page. |
| CVE-2023-53965 | 1 Sound4 | 1 Server Service | 2025-12-23 | 8.4 High | SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup. |
| CVE-2023-53964 | 1 Sound4 | 3 First, Impact, Pulse-eco | 2025-12-23 | 7.5 High | SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control. |
| CVE-2025-57431 | 1 Sound4 | 3 Pulse-eco, Pulse-eco Aes67, Pulse-eco Aes67 Firmware | 2025-10-14 | 8.8 High | The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware. |