CVE-2022-50790

Exploit

EPSS 0.73%
Veröffentlicht 30.12.2025 22:41:37
Zuletzt bearbeitet 16.01.2026 19:16:11
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

NVD 12 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sound4 ≫ Impact Firmware Version2.15

Sound4 ≫ Impact Version2.0

Sound4 ≫ Impact Firmware Version1.69

Sound4 ≫ Impact Version1.0

Sound4 ≫ Pulse Firmware Version2.15

Sound4 ≫ Pulse Version2.0

Sound4 ≫ Pulse Firmware Version1.69

Sound4 ≫ Pulse Version1.0

Sound4 ≫ First Firmware Version2.15

Sound4 ≫ First Version2.0

Sound4 ≫ First Firmware Version1.69

Sound4 ≫ First Version1.0

Sound4 ≫ Impact Eco Firmware Version1.16

Sound4 ≫ Impact Eco Version-

Sound4 ≫ Pulse Eco Firmware Version1.16

Sound4 ≫ Pulse Eco Version-

Sound4 ≫ Big Voice4 Firmware Version1.2

Sound4 ≫ Big Voice4 Version-

Sound4 ≫ Big Voice2 Firmware Version1.30

Sound4 ≫ Big Voice2 Version-

Sound4 ≫ Wm2 Firmware Version1.11

Sound4 ≫ Wm2 Version-

Sound4 ≫ Stream Extension Version2.4.29

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.73%	0.492

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
disclosure@vulncheck.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.sound4.com/

Product

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5734.php

Third Party Advisory

Exploit

https://packetstormsecurity.com/files/170261/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Radio-Steam-Disclosure.html

Third Party Advisory

Exploit

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/247923

Third Party Advisory

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-radio-stream-disclosure

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-50790

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50790

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50790

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-50790