FKIE_CVE-2022-50792

Vulnerability from fkie_nvd - Published: 2025-12-30 23:15 - Updated: 2026-01-16 19:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected device.
References
disclosure@vulncheck.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/247916Third Party Advisory
disclosure@vulncheck.comhttps://packetstormsecurity.com/files/170263/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Unauthenticated-File-Disclosure.htmlExploit, Third Party Advisory, VDB Entry
disclosure@vulncheck.comhttps://www.sound4.com/Product
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-file-disclosure-vulnerabilityThird Party Advisory
disclosure@vulncheck.comhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5736.phpExploit, Third Party Advisory
Impacted products
Vendor Product Version
sound4 impact_firmware 2.15
sound4 impact 2.0
sound4 impact_firmware 1.69
sound4 impact 1.0
sound4 pulse_firmware 2.15
sound4 pulse 2.0
sound4 pulse_firmware 1.69
sound4 pulse 1.0
sound4 first_firmware 2.15
sound4 first 2.0
sound4 first_firmware 1.69
sound4 first 1.0
sound4 impact_eco_firmware 1.16
sound4 impact_eco -
sound4 pulse_eco_firmware 1.16
sound4 pulse_eco -
sound4 big_voice4_firmware 1.2
sound4 big_voice4 -
sound4 big_voice2_firmware 1.30
sound4 big_voice2 -
sound4 wm2_firmware 1.11
sound4 wm2 -
sound4 stream_extension 2.4.29
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C347FE-DA7B-4137-87B8-E6A8AF4D307F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A735654-A166-4B56-BF4D-F165B7E11043",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C4CF02A-8CF1-46FF-9EC0-FF779D60B6EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9BD81B-573A-4DA7-AC47-6C8AF1B6B18F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E34118-F11B-4BF2-BE23-7DAE0A6790FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C46BF88C-955C-4F9E-B782-1EADA068F19D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0699DEA-9CDA-4BB4-8FA3-6A6FADE1A61E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "051868AE-E364-4CB3-B927-42B4E0C19D01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDECDEC-C5A2-4B0D-B3E0-58CCCC804BCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:first:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF10967-A7DC-4DF0-94BE-935FFC1888D6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:first_firmware:1.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "713CC97E-CC0A-41B8-B8CA-EAD8F774F77C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:first:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4034A51-85E1-44E7-973B-7BFFFB083832",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:impact_eco_firmware:1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED99BE5-4598-4D5C-B0F0-3BE6E5B05C10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:impact_eco:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B0A611-C50E-4397-ACDF-8D090D4AFC88",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:pulse_eco_firmware:1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A3C132F-ACCE-4618-8EC2-31624571F0BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:pulse_eco:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E155FD-162E-4EA9-9BD9-89384B3AD175",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:big_voice4_firmware:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF4C955-E4AF-4A3A-89F9-481CE5DB7BF1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:big_voice4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "404A1397-CD88-4CB5-99B9-B84F3359E13F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:big_voice2_firmware:1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "45230C2E-D043-45F5-869F-FEB0A3AEB5DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:big_voice2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C68C1DC-EC1C-445B-B78C-6E4B64BB5DB0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:wm2_firmware:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D5318D-BD08-4D8E-9D94-4D0FD0C0023E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:wm2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8E14DD-2C04-4080-AAE9-6D770436AC6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sound4:stream_extension:2.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFD1447-69A1-4FA0-B285-6F16D9113558",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the \u0027file\u0027 GET parameter to disclose arbitrary files on the affected device."
    },
    {
      "lang": "es",
      "value": "Las versiones 2.x e inferiores de SOUND4 IMPACT/FIRST/PULSE/Eco contienen una vulnerabilidad de divulgaci\u00f3n de archivos no autenticada que permite a atacantes remotos acceder a archivos sensibles del sistema. Los atacantes pueden explotar la vulnerabilidad manipulando el par\u00e1metro GET \u0027file\u0027 para divulgar archivos arbitrarios en el dispositivo afectado."
    }
  ],
  "id": "CVE-2022-50792",
  "lastModified": "2026-01-16T19:16:11.927",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "disclosure@vulncheck.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-30T23:15:46.077",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247916"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/170263/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Unauthenticated-File-Disclosure.html"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.sound4.com/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-file-disclosure-vulnerability"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5736.php"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.