CVE-2023-53964
Unauthenticated Factory Reset Vulnerability in SOUND4 Devices
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sound4 | impact | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53964 is an unauthenticated vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x devices. It exists in the unprotected CGI endpoint /usr/cgi-bin/restorefactory.cgi, which allows remote attackers to send a crafted POST request to reset the device to factory default settings without any authentication. This factory reset causes the device to reboot with default configurations, enabling attackers to bypass authentication mechanisms and gain full control over the system. [1, 2, 4]
How can this vulnerability impact me?
This vulnerability can have critical impacts including unauthorized system access and security bypass. By exploiting it, an attacker can reset the device to factory defaults, bypass authentication, and gain full administrative control. This can lead to potential denial of service due to forced reboots and compromise of the device's integrity and availability. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the unprotected CGI endpoint `/usr/cgi-bin/restorefactory.cgi` on SOUND4 IMPACT/FIRST/PULSE/Eco devices running vulnerable firmware versions. A practical detection method is to send a POST request to this endpoint and observe if the device resets to factory defaults without authentication. For example, you can use the following curl command to test the endpoint: `curl -kX POST "https://[target]/cgi-bin/restorefactory.cgi" --data "0x539"`. If the device reboots or resets configuration, it is vulnerable. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the vulnerable `/usr/cgi-bin/restorefactory.cgi` endpoint by implementing firewall rules or network segmentation to prevent unauthorized POST requests. Additionally, monitor devices for unexpected reboots or configuration resets. Since the vulnerability allows unauthenticated factory resets, applying any available firmware updates or patches from the vendor (if released) is recommended. If no patch is available, consider disabling or restricting access to the CGI endpoint if possible. [1, 4]
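The monitoring step above can be backed by a log check that flags POST requests to `restorefactory.cgi` from sources outside the management network. This is an added example, not code from the advisory or the vendor; it assumes requests to the device pass through a proxy or gateway that writes Combined Log Format, and the trusted network and the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: requests are logged in Combined Log Format by a proxy or gateway.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
ENDPOINT = "restorefactory.cgi"  # script name from the advisory text

def is_reset_request(method, target):
    """True for a POST whose decoded path contains the factory-reset CGI."""
    if method != "POST":
        return False
    # Decode %-escapes and fold case so trivially altered paths still match.
    path = unquote(urlsplit(target).path).lower()
    return ENDPOINT in path.split("/")

def find_reset_requests(lines, trusted_nets=()):
    """Return one dict per reset POST whose source is outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_reset_request(m["method"], m["target"]):
            continue
        try:
            trusted = any(ipaddress.ip_address(m["src"]) in n for n in nets)
        except ValueError:  # hostname instead of an IP: treat as untrusted
            trusted = False
        if not trusted:
            hits.append({"src": m["src"], "time": m["ts"],
                         "status": int(m["status"]), "target": m["target"]})
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Dec/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Dec/2025:10:02:13 +0000] "POST /cgi-bin/restorefactory.cgi HTTP/1.1" 200 0',
    '198.51.100.7 - - [22/Dec/2025:10:02:40 +0000] "POST /cgi-bin/%72estoreFactory.cgi?x=1 HTTP/1.1" 200 0',
    '192.0.2.10 - - [22/Dec/2025:10:05:00 +0000] "POST /cgi-bin/restorefactory.cgi HTTP/1.1" 200 0',
    '203.0.113.9 - - [22/Dec/2025:10:06:00 +0000] "GET /cgi-bin/restorefactory.cgi HTTP/1.1" 405 0',
]

if __name__ == "__main__":
    for hit in find_reset_requests(SAMPLE_LOG, trusted_nets=["192.0.2.0/24"]):
        print(hit)
```

Correlating each hit's timestamp with a device reboot or a return to default settings shortly afterwards separates a blocked attempt from a completed reset.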