CVE-2022-50796

Exploit

EPSS 1.44%
Veröffentlicht 30.12.2025 22:41:39
Zuletzt bearbeitet 16.01.2026 19:16:12
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Remote Code Execution via upload.cgi

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code execution.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

NVD 12 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sound4 ≫ Impact Firmware Version2.15

Sound4 ≫ Impact Version2.0

Sound4 ≫ Impact Firmware Version1.69

Sound4 ≫ Impact Version1.0

Sound4 ≫ Pulse Firmware Version2.15

Sound4 ≫ Pulse Version2.0

Sound4 ≫ Pulse Firmware Version1.69

Sound4 ≫ Pulse Version1.0

Sound4 ≫ First Firmware Version2.15

Sound4 ≫ First Version2.0

Sound4 ≫ First Firmware Version1.69

Sound4 ≫ First Version1.0

Sound4 ≫ Impact Eco Firmware Version1.16

Sound4 ≫ Impact Eco Version-

Sound4 ≫ Pulse Eco Firmware Version1.16

Sound4 ≫ Pulse Eco Version-

Sound4 ≫ Big Voice4 Firmware Version1.2

Sound4 ≫ Big Voice4 Version-

Sound4 ≫ Big Voice2 Firmware Version1.30

Sound4 ≫ Big Voice2 Version-

Sound4 ≫ Wm2 Firmware Version1.11

Sound4 ≫ Wm2 Version-

Sound4 ≫ Stream Extension Version2.4.29

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.44%	0.698

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.sound4.com/

Product

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5741.php

Third Party Advisory

Exploit

https://packetstormsecurity.com/files/170268/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-upload.cgi-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/247951

Third Party Advisory

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-remote-code-execution-via-uploadcgi

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-50796

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50796

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50796

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-50796