CVE-2023-53961

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
VulnCheckCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Common Weakness Enumeration
References
https://web.archive.org/web/20221207074555/https://www.sound4.com/
https://www.exploit-db.com/exploits/51168
https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-cross-site-request-forgery
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5722.php
https://www.exploit-db.com/exploits/51168
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5722.php