FKIE_CVE-2022-50796

Vulnerability from fkie_nvd - Published: 2025-12-30 23:15 - Updated: 2026-01-16 19:16
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code execution.
References
disclosure@vulncheck.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/247951Third Party Advisory
disclosure@vulncheck.comhttps://packetstormsecurity.com/files/170268/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-upload.cgi-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
disclosure@vulncheck.comhttps://www.sound4.com/Product
disclosure@vulncheck.comhttps://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-remote-code-execution-via-uploadcgiThird Party Advisory
disclosure@vulncheck.comhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5741.phpExploit, Third Party Advisory
Impacted products
Vendor Product Version
sound4 impact_firmware 2.15
sound4 impact 2.0
sound4 impact_firmware 1.69
sound4 impact 1.0
sound4 pulse_firmware 2.15
sound4 pulse 2.0
sound4 pulse_firmware 1.69
sound4 pulse 1.0
sound4 first_firmware 2.15
sound4 first 2.0
sound4 first_firmware 1.69
sound4 first 1.0
sound4 impact_eco_firmware 1.16
sound4 impact_eco -
sound4 pulse_eco_firmware 1.16
sound4 pulse_eco -
sound4 big_voice4_firmware 1.2
sound4 big_voice4 -
sound4 big_voice2_firmware 1.30
sound4 big_voice2 -
sound4 wm2_firmware 1.11
sound4 wm2 -
sound4 stream_extension 2.4.29
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C347FE-DA7B-4137-87B8-E6A8AF4D307F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A735654-A166-4B56-BF4D-F165B7E11043",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C4CF02A-8CF1-46FF-9EC0-FF779D60B6EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9BD81B-573A-4DA7-AC47-6C8AF1B6B18F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E34118-F11B-4BF2-BE23-7DAE0A6790FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C46BF88C-955C-4F9E-B782-1EADA068F19D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0699DEA-9CDA-4BB4-8FA3-6A6FADE1A61E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "051868AE-E364-4CB3-B927-42B4E0C19D01",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDECDEC-C5A2-4B0D-B3E0-58CCCC804BCF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:first:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF10967-A7DC-4DF0-94BE-935FFC1888D6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:first_firmware:1.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "713CC97E-CC0A-41B8-B8CA-EAD8F774F77C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:first:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4034A51-85E1-44E7-973B-7BFFFB083832",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:impact_eco_firmware:1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED99BE5-4598-4D5C-B0F0-3BE6E5B05C10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:impact_eco:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B0A611-C50E-4397-ACDF-8D090D4AFC88",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:pulse_eco_firmware:1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A3C132F-ACCE-4618-8EC2-31624571F0BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:pulse_eco:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71E155FD-162E-4EA9-9BD9-89384B3AD175",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:big_voice4_firmware:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF4C955-E4AF-4A3A-89F9-481CE5DB7BF1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:big_voice4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "404A1397-CD88-4CB5-99B9-B84F3359E13F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:big_voice2_firmware:1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "45230C2E-D043-45F5-869F-FEB0A3AEB5DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:big_voice2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C68C1DC-EC1C-445B-B78C-6E4B64BB5DB0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sound4:wm2_firmware:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D5318D-BD08-4D8E-9D94-4D0FD0C0023E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sound4:wm2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8E14DD-2C04-4080-AAE9-6D770436AC6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sound4:stream_extension:2.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFD1447-69A1-4FA0-B285-6F16D9113558",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SOUND4 IMPACT/FIRST/PULSE/Eco \u003c=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code execution."
    },
    {
      "lang": "es",
      "value": "SOUND4 IMPACT/FIRST/PULSE/Eco \u0026lt;=2.x contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo no autenticada en la funcionalidad de carga de firmware con un fallo de salto de ruta. Los atacantes pueden explotar el script upload.cgi para escribir archivos maliciosos en el sistema con permisos de www-data, lo que permite el acceso no autorizado y la ejecuci\u00f3n de c\u00f3digo."
    }
  ],
  "id": "CVE-2022-50796",
  "lastModified": "2026-01-16T19:16:12.300",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "disclosure@vulncheck.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-30T23:15:46.743",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/247951"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/170268/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-upload.cgi-Code-Execution.html"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.sound4.com/"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-remote-code-execution-via-uploadcgi"
    },
    {
      "source": "disclosure@vulncheck.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5741.php"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.