Cyber Posture

CVE-2023-53964

Critical · Public PoC

Published: 22 December 2025

Modified: 16 January 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0121 (79.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: AC-14 limits and authorizes specific actions performable without identification or authentication, directly preventing the unauthenticated factory reset via the vulnerable endpoint.

Prevent: AC-3 enforces approved access authorizations to system resources, blocking remote unauthenticated access to the restorefactory.cgi endpoint.

Prevent: SI-10 validates information inputs to the endpoint, mitigating exploitation by rejecting the specific POST data that triggers the factory reset.

Security Summary · AI

CVE-2023-53964 is a missing-authentication vulnerability (CWE-306) in the /usr/cgi-bin/restorefactory.cgi endpoint of SOUND4 IMPACT, FIRST, PULSE, and Eco devices running version 2.x. It allows remote attackers to send a POST request with specific data to trigger a factory reset of the device configuration, bypassing authentication and enabling full system control. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Any unauthenticated remote attacker with network access to the device can exploit this vulnerability due to the lack of authentication checks (PR:N) and low attack complexity (AC:L), with no user interaction required (UI:N). Exploitation resets the device to factory settings, disrupting operations and providing the attacker with full system control, severely impacting confidentiality, integrity, and availability.

Advisories from VulnCheck and Zero Science Laboratory (ZSL-2022-5742) detail the unauthenticated factory reset vulnerability, while a proof-of-concept exploit is publicly available on Exploit-DB (exploit 51174). An archived version of the vendor's website is referenced, but no vendor patches or specific mitigation guidance are provided in the available references.
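One way to check web access logs for requests to the endpoint named above, given as an added example that is not part of the original advisory or of any vendor tooling. It assumes the device or a proxy in front of it writes Common/Combined Log Format lines; the sample log lines, the `/cgi-bin/` URL prefix and the `MGMT_NETS` allowlist are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: legitimate management traffic comes only from these networks.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Common/Combined Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_reset_endpoint(target):
    """True if the final path component is restorefactory.cgi."""
    path = unquote(urlsplit(target).path)  # drop the query string, decode %xx
    return path.rsplit("/", 1)[-1].lower() == "restorefactory.cgi"

def find_reset_requests(lines):
    """Return {source: [finding, ...]} for POSTs to the factory-reset endpoint."""
    findings = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not is_reset_endpoint(m["target"]):
            continue
        try:
            in_mgmt = any(ipaddress.ip_address(m["src"]) in n for n in MGMT_NETS)
        except ValueError:  # source logged as a hostname: treat as non-management
            in_mgmt = False
        authed = m["user"] != "-"  # CLF user field is "-" when nobody logged in
        findings[m["src"]].append({
            "time": m["ts"], "status": int(m["status"]),
            "authenticated": authed, "from_mgmt_net": in_mgmt,
            "severity": "review" if authed and in_mgmt else "alert",
        })
    return dict(findings)

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    '10.20.0.5 - admin [16/Jan/2026:09:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.44 - - [16/Jan/2026:09:14:37 +0000] "POST /cgi-bin/restorefactory.cgi HTTP/1.1" 200 87',
    '203.0.113.44 - - [16/Jan/2026:09:14:39 +0000] "POST /cgi-bin/restorefactory.cgi?x=1 HTTP/1.1" 200 87',
    '10.20.0.5 - admin [16/Jan/2026:10:02:10 +0000] "POST /cgi-bin/restorefactory.cgi HTTP/1.1" 200 87',
    '198.51.100.7 - - [16/Jan/2026:10:05:00 +0000] "GET /cgi-bin/restorefactory.cgi HTTP/1.1" 405 0',
]

if __name__ == "__main__":
    for src, hits in find_reset_requests(SAMPLE_LOG).items():
        for hit in hits:
            print(hit["severity"].upper(), src, hit["time"], hit["status"])
```

A hit with severity `alert` followed by the device returning to default settings is the pattern the description above implies; a `review` hit is a reset requested by a logged-in user from the management network.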

Details

CWE(s)

Affected Products

sound4 impact firmware: 1.69, 2.15
sound4 pulse firmware: 1.69, 2.15
sound4 first firmware: 1.69, 2.15
sound4 impact eco firmware: 1.16
sound4 pulse eco firmware: 1.16
sound4 big voice4 firmware: 1.2
sound4 big voice2 firmware: 1.30
sound4 wm2 firmware: 1.11
sound4 stream extension: 2.4.29

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an unauthenticated remote exploit of a public-facing web CGI endpoint (/usr/cgi-bin/restorefactory.cgi), directly enabling T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References