impact

Vendor: sound4

Actively exploited (CISA KEV list): 0
PoC / exploits (code available): 0
Total RCEs (remote access): 10
Total CVEs (total indexed): 57
Avg. EPSS (exploit probability): 0.94%
Latest CVE: CVE-2021-35485 (Mar 03)

Security Vulnerability Index

8.8 CVSS

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with directory traversal sequences to write files to unintended system locations.

EPSS: 5.30%
5.1 CVSS

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages that submit HTTP requests to the radio processing interface, triggering unintended administrative operations when a logged-in user visits the page.

EPSS: 0.06%
9.3 CVSS

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potentially gain unauthorized access to the system.

EPSS: 0.17%
9.3 CVSS

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without proper authentication.

EPSS: 0.38%
7.2 CVSS

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.

EPSS: 0.20%
5.3 CVSS

Nokia IMPACT < 18A has a path traversal vulnerability that may lead to RCE if chained with CVE-2019-1743.

EPSS: 0.44%
6.1 CVSS

Nokia IMPACT < 18A has a reflected self-XSS vulnerability.

EPSS: 0.35%
4.3 CVSS

Nokia IMPACT < 18A allows full path disclosure.

EPSS: 0.27%
8.8 CVSS

Nokia IMPACT < 18A has an unrestricted file upload vulnerability that may lead to remote code execution.

EPSS: 4.37%