プラットフォーム
other
コンポーネント
sound4-impact-first-pulse-eco
修正版
2.0.1
1.16.1
1.2.1
1.30.1
1.1.1
1.11.1
CVE-2023-53964 describes a critical unauthenticated vulnerability affecting SOUND4 IMPACT/FIRST/PULSE/Eco devices running versions up to 2.15. This flaw resides within the /usr/cgi-bin/restorefactory.cgi endpoint, enabling attackers to trigger a factory reset without authentication. Successful exploitation grants attackers complete control over the device, potentially leading to significant operational disruption and data compromise.
The impact of CVE-2023-53964 is severe due to the lack of authentication required to exploit it. An attacker can remotely trigger a factory reset on vulnerable devices simply by sending a crafted POST request to the /usr/cgi-bin/restorefactory.cgi endpoint. This reset wipes the device's configuration, effectively allowing the attacker to take over the device and reconfigure it for malicious purposes. The blast radius extends to any system relying on these devices, as compromised devices can be used as pivot points for further attacks within the network. This vulnerability is particularly concerning given the potential for widespread deployment of SOUND4 devices in critical infrastructure and industrial control systems.
CVE-2023-53964 was published on 2025-12-22. The vulnerability's ease of exploitation, coupled with the potential for widespread deployment of affected devices, suggests a medium probability of exploitation. Public proof-of-concept (PoC) code is currently unknown, but the simplicity of the attack vector makes it likely that such code will emerge. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Organizations utilizing SOUND4 IMPACT/FIRST/PULSE/Eco devices in industrial control systems, building automation, or any environment where device configuration is critical are at significant risk. Shared hosting environments where multiple customers share the same device infrastructure are also particularly vulnerable.
• linux / server: Monitor access logs for POST requests to /usr/cgi-bin/restorefactory.cgi from unexpected IP addresses. Use ss -lntp to identify processes listening on ports associated with the web server.
grep -i 'restorefactory.cgi' /var/log/apache2/access.log• generic web: Use curl to test the endpoint and observe the response. A successful reset should be indicated by a change in device configuration.
curl -X POST http://<device_ip>/usr/cgi-bin/restorefactory.cgidisclosure
エクスプロイト状況
EPSS
1.04% (77% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2023-53964 is to upgrade to a patched version of SOUND4 IMPACT/FIRST/PULSE/Eco as soon as it becomes available. Until a patch is released, consider isolating vulnerable devices from external networks to prevent unauthorized access. Implement strict network segmentation to limit the potential impact of a successful attack. Monitor network traffic for suspicious POST requests targeting the /usr/cgi-bin/restorefactory.cgi endpoint. Consider using a Web Application Firewall (WAF) to block requests to this endpoint, although this may impact legitimate functionality. Regularly review device configurations and access logs for any signs of unauthorized activity.
Actualizar el firmware del dispositivo SOUND4 IMPACT/FIRST/PULSE/Eco a una versión que corrija la vulnerabilidad. Contacte al proveedor para obtener la actualización de firmware correspondiente.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2023-53964 is a critical vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco devices (versions ≤2.15) that allows unauthenticated attackers to remotely reset the device configuration, gaining full control.
You are affected if you are using SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.15 or earlier. Check your device version and upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of SOUND4 IMPACT/FIRST/PULSE/Eco. Until a patch is available, isolate vulnerable devices and monitor network traffic.
While active exploitation is not yet confirmed, the vulnerability's ease of exploitation suggests a potential for exploitation. Monitor security advisories and threat intelligence feeds.
Refer to the SOUND4 website or contact their support team for the official advisory and patch information regarding CVE-2023-53964.