SOUND4 Impact, First, Pulse, and Eco Products Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in SOUND4 Impact, First, Pulse, and Eco products, all 2.x versions. This vulnerability allows attackers to perform administrative actions without user consent. By crafting malicious web pages that submit HTTP requests to the radio processing interface, attackers can trigger unintended administrative operations when a logged-in user visits the page.
Impact
Exploitation of this vulnerability allows for cross-site request forgery, enabling attackers to perform actions with administrative privileges on behalf of the user.
Reproduction
To reproduce this vulnerability, a logged-in user must be tricked into visiting a malicious web page that submits an HTTP request to the radio processing interface. This can be done by creating a web page that includes a form which, when submitted, performs an administrative action such as removing a logo.
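The server-side check whose absence makes such a cross-site form submission succeed, as an added example (not SOUND4 code, and not a vendor fix): state-changing requests are accepted only when they come from the interface's own origin and carry the per-session token. The function names, the `csrf_token` field, and the `processor.example` origin are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change state


def new_csrf_token() -> str:
    """Random per-session token, kept server-side and embedded in each admin form."""
    return secrets.token_urlsafe(32)


def same_origin(headers: dict, expected_origin: str) -> bool:
    """Compare Origin (or, failing that, Referer) with the interface's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no provenance on a state-changing request: reject
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}".lower() == expected_origin.lower()


def allow_request(method, headers, form, session, expected_origin) -> bool:
    """Decide whether an authenticated request may run an administrative action."""
    if method.upper() in SAFE_METHODS:
        return True
    if not same_origin(headers, expected_origin):
        return False
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; an empty session token never matches.
    return bool(expected) and hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    origin = "https://processor.example"            # constructed sample value
    session = {"csrf_token": new_csrf_token()}      # logged-in admin session
    own_form = {"csrf_token": session["csrf_token"], "action": "remove_logo"}
    foreign_form = {"action": "remove_logo"}        # a third-party page cannot read the token
    print(allow_request("POST", {"Origin": origin}, own_form, session, origin))
    print(allow_request("POST", {"Origin": "https://other-site.example"},
                        foreign_form, session, origin))
```

The session cookie alone is not proof of intent, because the browser attaches it to cross-site requests as well; the token and origin checks are what tie the request to a page the interface itself served.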
