CVE-2023-53964
Unknown Unknown - Not Provided
Unauthenticated Factory Reset Vulnerability in SOUND4 Devices

Publication date: 2025-12-22

Last updated on: 2025-12-22

Assigner: VulnCheck

Description
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-22
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-14
NVD
CVE-2023-53964
EUVD
EUVD-2023-60249
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sound4 impact *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53964 is an unauthenticated vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x devices. It exists in the unprotected CGI endpoint /usr/cgi-bin/restorefactory.cgi, which allows remote attackers to send a crafted POST request to reset the device to factory default settings without any authentication. This factory reset causes the device to reboot with default configurations, enabling attackers to bypass authentication mechanisms and gain full control over the system. [1, 2, 4]

Impact Analysis

This vulnerability can have critical impacts including unauthorized system access and security bypass. By exploiting it, an attacker can reset the device to factory defaults, bypass authentication, and gain full administrative control. This can lead to potential denial of service due to forced reboots and compromise of the device's integrity and availability. [1, 2, 4]

Detection Guidance

This vulnerability can be detected by checking for the presence of the unprotected CGI endpoint `/usr/cgi-bin/restorefactory.cgi` on SOUND4 IMPACT/FIRST/PULSE/Eco devices running vulnerable firmware versions. A practical detection method is to send a POST request to this endpoint and observe if the device resets to factory defaults without authentication. For example, you can use the following curl command to test the endpoint: `curl -kX POST "https://[target]/cgi-bin/restorefactory.cgi" --data "0x539"`. If the device reboots or resets configuration, it is vulnerable. [2]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the vulnerable `/usr/cgi-bin/restorefactory.cgi` endpoint by implementing firewall rules or network segmentation to prevent unauthorized POST requests. Additionally, monitor devices for unexpected reboots or configuration resets. Since the vulnerability allows unauthenticated factory resets, applying any available firmware updates or patches from the vendor (if released) is recommended. If no patch is available, consider disabling or restricting access to the CGI endpoint if possible. [1, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53964. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart