Cyber Resilience

CVE-2023-53964

High · Public PoC

Published: 22 December 2025
Modified: 16 January 2026
KEV Added: -
Patch: -
CVSS Score v4: 8.8 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0087 (54.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-53964 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Sound4 Impact Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 45.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2023-53964 is a missing-authentication vulnerability (CWE-306) in the /usr/cgi-bin/restorefactory.cgi endpoint of SOUND4 IMPACT, FIRST, PULSE, and Eco devices running version 2.x. It allows remote attackers to send a POST request with specific data to trigger a factory reset of the device configuration, bypassing authentication and enabling full system control. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Any unauthenticated remote attacker with network access to the device can exploit this vulnerability due to the lack of authentication checks (PR:N) and low attack complexity (AC:L), with no user interaction required (UI:N). Exploitation resets the device to factory settings, disrupting operations and providing the attacker with full system control, severely impacting confidentiality, integrity, and availability.

Advisories from VulnCheck and Zero Science Laboratory (ZSL-2022-5742) detail the unauthenticated factory reset vulnerability, while a proof-of-concept exploit is publicly available on Exploit-DB (exploit 51174). An archived version of the vendor's website is referenced, but no vendor patches or specific mitigation guidance are provided in the available references.

Vulnerability details

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an unauthenticated remote exploit of a public-facing web CGI endpoint (/usr/cgi-bin/restorefactory.cgi), directly enabling T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2023-53960 - Same product: Sound4 Big Voice2
CVE-2022-50796 - Same product: Sound4 Big Voice2
CVE-2023-53955 - Same product: Sound4 Big Voice2
CVE-2022-50794 - Same product: Sound4 Big Voice2
CVE-2023-53963 - Same product: Sound4 Big Voice2
CVE-2022-50696 - Same product: Sound4 Big Voice2
CVE-2022-50695 - Same product: Sound4 Big Voice2
CVE-2022-50793 - Same product: Sound4 Big Voice2
CVE-2023-53962 - Same product: Sound4 Big Voice2
CVE-2022-50792 - Same product: Sound4 Big Voice2

Affected Assets

sound4 impact firmware: 1.69, 2.15
sound4 pulse firmware: 1.69, 2.15
sound4 first firmware: 1.69, 2.15
sound4 impact eco firmware: 1.16
sound4 pulse eco firmware: 1.16
sound4 big voice4 firmware: 1.2
sound4 big voice2 firmware: 1.30
sound4 wm2 firmware: 1.11
sound4 stream extension: 2.4.29

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: AC-14 limits and authorizes specific actions performable without identification or authentication, directly preventing the unauthenticated factory reset via the vulnerable endpoint.

Prevent: AC-3 enforces approved access authorizations to system resources, blocking remote unauthenticated access to the restorefactory.cgi endpoint.

Prevent: SI-10 validates information inputs to the endpoint, mitigating exploitation by rejecting the specific POST data that triggers the factory reset.
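
One way to check that the AC-3 restriction is holding and to spot requests to the factory-reset CGI, as an added example (not code from the advisories or the vendor). It assumes a reverse proxy in front of the device writes combined-format access logs and that 10.20.0.0/24 is a hypothetical management subnet; the log lines are constructed.

```python
import ipaddress
import re

# Assumption: a reverse proxy or gateway in front of the device writes
# Apache/nginx "combined"-style access logs.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
ENDPOINT = "restorefactory.cgi"  # CGI file name from the advisory
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical admin subnet

def classify(method, status, trusted):
    """Rank a request that reached the factory-reset CGI."""
    if trusted:
        return "review"            # admin subnet: confirm it was intended
    if method == "POST" and 200 <= status < 300:
        return "reset-likely"      # unauthenticated reset probably executed
    if method == "POST":
        return "blocked-attempt"   # POST refused upstream (e.g. 401/403)
    return "probe"                 # non-POST request to the endpoint

def find_reset_requests(lines, mgmt_nets=MGMT_NETS):
    """Return (timestamp, source, verdict) for every hit on the endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Match on the file name only: ignore query string, case and prefix.
        path = m["path"].split("?", 1)[0].lower()
        if path.rsplit("/", 1)[-1] != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            trusted = any(src in net for net in mgmt_nets)
        except ValueError:         # hostname or garbage in the source field
            trusted = False
        findings.append((m["ts"], m["src"],
                         classify(m["method"], int(m["status"]), trusted)))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Jan/2026:03:14:07 +0000] "POST /usr/cgi-bin/restorefactory.cgi HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.9 - - [12/Jan/2026:03:15:40 +0000] "POST /usr/cgi-bin/restorefactory.cgi HTTP/1.1" 403 150 "-" "-"',
    '10.20.0.15 - admin [12/Jan/2026:09:02:11 +0000] "POST /usr/cgi-bin/restorefactory.cgi HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [12/Jan/2026:03:13:59 +0000] "GET /USR/cgi-bin/RestoreFactory.cgi?x=1 HTTP/1.1" 200 90 "-" "-"',
    '203.0.113.7 - - [12/Jan/2026:03:13:50 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
]
```

Any "reset-likely" verdict means a request from outside the management subnet reached the endpoint and was answered with success, so the access restriction is not in effect for that path.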

References