CRITICAL🇵🇱 Wersja polska

CVE-2023-53963

CVSS 9.3v4.0pub. 2025-12-22upd. 2026-01-13

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Sound4 Big Voice2

    HW
    Sound4
    wszystkie wersje
  • Sound4 Big Voice2 Firmware

    OS
    Sound4
    1.30
  • Sound4 Big Voice4

    HW
    Sound4
    wszystkie wersje
  • Sound4 Big Voice4 Firmware

    OS
    Sound4
    1.2
  • Sound4 First

    HW
    Sound4
    1.02.0
  • Sound4 First Firmware

    OS
    Sound4
    1.692.15
  • Sound4 Impact

    HW
    Sound4
    1.02.0
  • Sound4 Impact Eco

    HW
    Sound4
    wszystkie wersje
  • Sound4 Impact Eco Firmware

    OS
    Sound4
    1.16
  • Sound4 Impact Firmware

    OS
    Sound4
    1.692.15
  • Sound4 Pulse

    HW
    Sound4
    1.02.0
  • Sound4 Pulse Eco

    HW
    Sound4
    wszystkie wersje
  • Sound4 Pulse Eco Firmware

    OS
    Sound4
    1.16
  • Sound4 Pulse Firmware

    OS
    Sound4
    1.692.15
  • Sound4 Stream Extension

    APP
    Sound4
    2.4.29
  • Sound4 Wm2

    HW
    Sound4
    wszystkie wersje
  • Sound4 Wm2 Firmware

    OS
    Sound4
    1.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2022-50796CRITICAL9.3PL ✓ten sam produkt

RCE i path traversal w firmware upload SOUND4 IMPACT/FIRST/PULSE/Eco

CVE-2022-50794CRITICAL9.3PL ✓ten sam produkt

Command injection w parametrze username — SOUND4 IMPACT/FIRST/PULSE/Eco

CVE-2022-50696CRITICAL9.3PL ✓ten sam produkt

Zakodowane na stałe dane logowania w urządzeniach SOUND4 IMPACT/FIRST/PULSE/Eco

CVE-2023-53955CRITICAL9.3PL ✓ten sam produkt

IDOR w SOUND4 IMPACT/FIRST/PULSE/Eco v2.x — pominięcie autoryzacji

CVE-2023-53960CRITICAL9.3PL ✓ten sam produkt

SQL Injection w mechanizmie logowania SOUND4 IMPACT/FIRST/PULSE/Eco