9.8
CVE-2022-50696
- EPSS 0.28%
- Veröffentlicht 30.12.2025 22:41:35
- Zuletzt bearbeitet 16.01.2026 19:16:11
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginSOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions without requiring user interaction.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sound4 ≫ First Firmware Version2.15
Sound4 ≫ First Firmware Version1.69
Sound4 ≫ Impact Eco Firmware Version1.16
Sound4 ≫ Pulse Eco Firmware Version1.16
Sound4 ≫ Big Voice4 Firmware Version1.2
Sound4 ≫ Big Voice2 Firmware Version1.30
Sound4 ≫ Wm2 Firmware Version1.11
Sound4 ≫ Impact Firmware Version2.15
Sound4 ≫ Impact Firmware Version1.69
Sound4 ≫ Pulse Firmware Version2.15
Sound4 ≫ Pulse Firmware Version1.69
Sound4 ≫ Stream Extension Version2.4.29
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.506 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.