CVE-2023-53962

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with dire...

high 7.5 CVSS 3.1

Published: Dec 22, 2025

Modified: Jan 16, 2026

Vendor: Sound4

Versions: 2.15,2.0,1.69,1.0,1.16,1.2,1.30,1.11,2.4.29

Description

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with directory traversal sequences to write files to unintended system locations.

References

Related CVEs

CVSS Breakdown

Version	3.1
Score	7.5 / 10
Severity	high

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weakness (CWE)

CWE-22

Affected Product

Vendor	Sound4
Product	Impact Firmware
Versions	2.15,2.0,1.69,1.0,1.16,1.2,1.30,1.11,2.4.29