ReportizFlow
Filtered by vendor Sound4
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53960 | 1 Sound4 | 3 First, Impact, Pulse-eco | 2025-12-24 | 8.2 High |
| SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potentially gain unauthorized access to the system. | ||||
| CVE-2023-53963 | 1 Sound4 | 3 First, Impact, Pulse-eco | 2025-12-24 | 9.8 Critical |
| SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges. | ||||
| CVE-2023-53955 | 1 Sound4 | 3 First, Impact, Pulse-eco | 2025-12-24 | 9.8 Critical |
| SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without proper authentication. | ||||
| CVE-2023-53962 | 1 Sound4 | 3 First, Impact, Pulse-eco | 2025-12-24 | 7.5 High |
| SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with directory traversal sequences to write files to unintended system locations. | ||||
| CVE-2023-53961 | 1 Sound4 | 3 First, Impact, Pulse-eco | 2025-12-24 | 5.3 Medium |
| SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page. | ||||
| CVE-2023-53965 | 1 Sound4 | 1 Server Service | 2025-12-24 | 8.4 High |
| SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup. | ||||
| CVE-2023-53964 | 1 Sound4 | 3 First, Impact, Pulse-eco | 2025-12-24 | 7.5 High |
| SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control. | ||||
| CVE-2023-53966 | 1 Sound4 | 1 Linkandshare Transmitter | 2025-12-24 | 9.8 Critical |
| SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application. | ||||
| CVE-2025-63220 | 1 Sound4 | 1 First | 2025-11-21 | 7.2 High |
| The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware. | ||||
| CVE-2025-57431 | 1 Sound4 | 3 Pulse-eco, Pulse-eco Aes67, Pulse-eco Aes67 Firmware | 2025-10-14 | 8.8 High |
| The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware. | ||||
Page 1 of 1.