CVE-2023-53964
Published: Dec 22, 2025
Modified: Jan 16, 2026
CVSS v3.1
9.8
Description
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.
| Vendor | Product | Versions |
|---|---|---|
SOUND4 Ltd. | Impact/Pulse/First | affected Version 2: 1.1/2.15 |
SOUND4 Ltd. | Impact/Pulse Eco | affected 1.16 |
SOUND4 Ltd. | BigVoice4 | affected 1.2 |
SOUND4 Ltd. | BigVoice2 | affected 1.30 |
SOUND4 Ltd. | Stream | affected 1.1/2.4.29 |
Kantar Media | WM2 | affected 1.11 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now